Many websites require authentication before allowing access to protected content or actions. Browserbase provides flexible methods for handling authentication in automated sessions, ensuring seamless logins while maintaining security and efficiency.

Why Authentication Matters in Automation

• Ensures access to restricted content without manual intervention.
• Reduces session expiration issues by persisting login states.
• Prevents bot detection and account lockouts with stealth techniques.

​

Strategies for Handling Authentication

Handling authentication in automation requires maintaining session state, avoiding bot detection, and resolving challenges like CAPTCHAs or multi-factor authentication (MFA). Browserbase provides several strategies to help you authenticate reliably while ensuring security and efficiency.

1. Create a session with context, proxies, and fingerprinting.
2. Use the Session Live View to log into the website.
3. Use the context ID to persist the authentication state across future sessions.

​

Create an Session with Contexts, Proxies, and Fingerprinting

Ensure seamless authentication by persisting login sessions, avoiding detection, and preventing IP-based blocking.

• Apply Contexts → Store cookies, session tokens, and local storage to prevent repeated logins. Log in once, then reuse the saved authentication state.
• Enable Stealth Mode → Adjust browser, OS, and screen settings to blend in with real users and bypass detection.
• Use Proxies → Rotate residential proxies and match IP locations to prevent tracking and login restrictions.

By combining contexts, stealth mode, and proxies, you can create secure, stable, and automated authentication workflows.

import { Browserbase } from "@browserbasehq/sdk";
const bb = new Browserbase({ apiKey: process.env.BROWSERBASE_API_KEY! });

async function createSessionAuthSession(contextId: string) {
    const session = await bb.sessions.create({
    projectId: process.env.BROWSERBASE_PROJECT_ID!,
        browserSettings: {
            context: {
                id: contextId,
                persist: true
            }
        },
        proxies: [
        {
            "type": "browserbase",
            "geolocation": {
                "city": "New York",
                "state": "NY",
                "country": "US"
            }
        }],
    });
    return session;
}
const contextId = "<context-id>";
const session = await createSessionAuthSession(contextId);
console.log("Session URL: https://browserbase.com/sessions/" + session.id);

​

Use the Session Live View to login

For authentication workflows, the best practice is to log in manually once using Session Live View, then persist the authentication state across future sessions using contexts. This approach ensures secure, repeatable logins without needing manual input every time.

1. Start a new session and retrieve the Session Live View URL.
2. Open the Live View in your browser to interact with the session in real time.
3. Once logged in, the session’s authentication data (cookies, session tokens) is stored.
4. Save the session context id so future sessions can reuse the authentication state without logging in again.

​

Use the context ID to persist the authentication state across future sessions

After logging in once, you can reuse the authentication state by storing it in a context. This allows future sessions to bypass the login process, maintaining access to authenticated pages without needing manual input.

Now, any session using this context.id will start already logged in, eliminating the need to authenticate again. By persisting authentication with contexts, you can ensure seamless automation, reduce login failures, and improve session continuity.

​

2FA Challenges

Two-step verification (via authenticator apps or SMS) or magic links usually require human intervention in the loop. There are 2 main strategies to manage 2FA:

1. Disable 2FA or create an app password
2. Enable Remote Control of your Session

​

Disable 2FA or create an app password

For an internal tool, try to turn off the two-step verification.

For an authentication flow requiring some level of security, try to create an app password.

​

Enable Remote Control of your Session

If a two-step verification mechanism cannot be bypassed or disabled, consider handing back control to the end user by leveraging the Session Live URLs.

​

Accessing an authentication flow with Stealth Mode

Many authentication flows implement mechanisms to prevent web automation:

• IP addresses restrictions
• User agent filtering
• Captchas (ex: Clerk now features a captcha challenge on all authentication flows)
• Rate limiting

When running your browser session, dealing with these impediments may require setting up IP rotations with proxies along with captcha solving and fingerprint generators.

By automating with Browserbase, you get opt-in proxies, automatic, fully configurable fingerprinting, and captcha solving—without any coding:

​

Speed up your automation by reusing cookies

Some websites or web apps rely on cookies-based Sessions, which can be easily retrieved and reused to speed up your automation.

The code examples below showcases how to retrieve and set cookies to avoid your automation to go through the authentication flow at each run: