How to bypass Twitter authentication in Puppeteer using saved cookies?

sofiag · July 24, 2025, 5:03am

I’m working with Puppeteer and trying to avoid the Twitter login process by using previously saved cookies. When I extract cookies from the browser console using document.cookie and try to apply them, I keep getting an error message saying Invalid parameters name: string value expected.

Here’s my current approach:

await browser.setCookie({
    user_pref_id: "v1_ABC123def+XYZqwerty789==",
    visitor_token: "v1%3A987654321012345678",
    csrf_token: "a1b2c3d4e5f6789012345678901234ab",
    analytics_track: "2h",
    marketing_prefs: "XYZABC==",
    login_remembered: 1,
    session_id: "u=123456789012345678",
    locale: "en",
    theme_preference: false,
    google_analytics: "GA1.2.9876543210.1234567890",
    ga_session: "GA1.2.5432109876.9876543210"
})

What’s the correct way to set these cookies so Twitter recognizes the session as already authenticated? Am I missing something in the cookie format or the method I’m using?

MarkSeeker91 · July 31, 2025, 8:32am

jack’s right about the format. but grab fresh cookies and set them before you navigate to twitter - don’t use old ones. twitter tokens expire fast, so i always set cookies immediately after getting them.

Jack81 · July 31, 2025, 3:04am

Your problem is that you’re passing an object to setCookie instead of the correct format. Puppeteer’s setCookie requires each cookie to be a separate object with name, value, domain, and path. I’ve encountered a similar issue with Twitter automation before.

You should structure it as follows:

await page.setCookie(
  { name: 'user_pref_id', value: 'v1_ABC123def+XYZqwerty789==', domain: '.twitter.com' },
  { name: 'visitor_token', value: 'v1%3A987654321012345678', domain: '.twitter.com' },
  { name: 'csrf_token', value: 'a1b2c3d4e5f6789012345678901234ab', domain: '.twitter.com' }
  // continue adding other cookies in the same format
);

Make sure to set the cookies first and then navigate to Twitter. The domain is crucial as Twitter uses both ‘.twitter.com’ and ‘twitter.com’, depending on the specific cookie. Use the developer tools to verify which domain each cookie should be associated with.

Sky24 · July 29, 2025, 3:27pm

Watch out for the secure flag and sameSite attributes when setting Twitter cookies. I had auth issues until I figured out some cookies need secure=true. When you grab cookies from browser console, you’re only getting name-value pairs - you’re missing the important stuff like httpOnly, secure, and sameSite settings. Twitter’s really picky about these security attributes. Use browser.cookies() instead of document.cookie to get the complete cookie data with all flags, then recreate them exactly. Also make sure you’re setting cookies on both twitter.com and x.com domains since Twitter bounces between them now.