yt-dlp: Youtube cookies expire within hours

DO NOT REMOVE OR SKIP THE ISSUE TEMPLATE

  • I understand that I will be blocked if I intentionally remove or skip any mandatory* field

Checklist

Please make sure the question is worded well enough to be understood

I have been used to youtube coookies lasting a couple of weeks. But since a few weeks I have to update the cookies for yt-dlp daily. Does anyone know what is happening here? My guess is that youtube change its policies. If that is the case, is there a way to automate the process? My current “workflow”:

  1. Opening youtube.com in firefox,
  2. log in to my channel
  3. export cookies (all domains) using “Export cookies”
  4. Use the cookies file with yt-dlp

Provide verbose output that clearly demonstrates the problem

  • Run your yt-dlp command with -vU flag added (yt-dlp -vU <your command line>)
  • If using API, add 'verbose': True to YoutubeDL params instead
  • Copy the WHOLE output (starting with [debug] Command-line config) and insert it below

Complete Verbose Output

[debug] Command-line config: ['-vU']
[debug] Encodings: locale UTF-8, fs utf-8, pref UTF-8, out utf-8, error utf-8, screen utf-8
[debug] yt-dlp version stable@2023.09.24 [088add956] (pip)
[debug] Python 3.11.5 (CPython armv7l 32bit) - Linux-5.10.63-v7+-armv7l-with-glibc2.28 (OpenSSL 1.1.1n  15 Mar 2022, glibc 2.28)
[debug] exe versions: ffmpeg 4.1.11-0, ffprobe 4.1.11-0
[debug] Optional libraries: Cryptodome-3.19.0, brotli-1.1.0, certifi-2023.07.22, mutagen-1.47.0, sqlite3-3.27.2, websockets-11.0.3
[debug] Proxy map: {}
[debug] Loaded 1886 extractors
[debug] Fetching release info: https://api.github.com/repos/yt-dlp/yt-dlp/releases/latest
Available version: stable@2023.09.24, Current version: stable@2023.09.24
yt-dlp is up to date (stable@2023.09.24)

About this issue

  • Original URL
  • State: open
  • Created 9 months ago
  • Reactions: 3
  • Comments: 24 (9 by maintainers)

Most upvoted comments

TL;DR of current known workarounds:

  1. Export cookies in a private/incognito window
    • Open new private/incognito tab, log into youtube, open a new tab, close youtube tab then export cookies. Be sure to close the window after to ensure the cookies are never used in the browser.
  2. Block https://accounts.youtube.com/RotateCookiesPage and https://accounts.youtube.com/RotateCookies in your browser you are using cookies from (not recommended)
  3. Use --cookies-from-browser if your action is quick
  4. Log in using oauth2 with this experimental plugin: https://github.com/coletdjnz/yt-dlp-youtube-oauth2

https://github.com/coletdjnz/yt-dlp-youtube-oauth2

Yes! Time to grab this link above and integrate to official builds right now. Seems Google started deprecate third party cookies, first party cookies deprecates soon in short to middle. They were annouced and deploying new mechanism on Chromium based browser. YES! TIME TO DEPLOY OAUTH LOGIN SUPPORT RIGHT NOW.

From a quick look: the browser appears to be callinghttps://accounts.youtube.com/RotateCookiesPage?origin=https://www.youtube.com&yt_pid=1. This runs another javascript rube goldberg machine to transform a value akin to nsig. It then calls https://accounts.youtube.com/RotateCookies with that transformed value which refreshes the cookies.

I’m guessing this is required or else the cookies are invalidated by YouTube if they are not refreshed.

We could attempt to implement this, but, I don’t think its really feasible or worthwhile to maintain.

Probably better off spending that time implementing oauth support for YouTube.

A simple workaround would be to generate the cookies file in an incognito window, where the cookies are never used again in browser and therefore will never be rotated.

A few weeks ago, I saw this workaround somewhere (without knowing why) and tried it out. And my cookies file is still valid until now.

From a quick look: the browser appears to be callinghttps://accounts.youtube.com/RotateCookiesPage?origin=https://www.youtube.com&yt_pid=1. This runs another javascript rube goldberg machine to transform a value akin to nsig. It then calls https://accounts.youtube.com/RotateCookies with that transformed value which refreshes the cookies.

I’m guessing this is required or else the cookies are invalidated by YouTube if they are not refreshed.

We could attempt to implement this, but, I don’t think its really feasible or worthwhile to maintain.

Probably better off spending that time implementing oauth support for YouTube.

Blocking these 2 URLs (using an ad-blocker) can be a workaround for this, in addition to generate the cookies from a private window/a browser you never use.

From a quick look: the browser appears to be callinghttps://accounts.youtube.com/RotateCookiesPage?origin=https://www.youtube.com&yt_pid=1. This runs another javascript rube goldberg machine to transform a value akin to nsig. It then calls https://accounts.youtube.com/RotateCookies with that transformed value which refreshes the cookies.

I’m guessing this is required or else the cookies are invalidated by YouTube if they are not refreshed.

We could attempt to implement this, but, I don’t think its really feasible or worthwhile to maintain.

Probably better off spending that time implementing oauth support for YouTube.

I was using [my browser] all the time with the same account logged in as I am using for yt-dlp.

I’d imagine this is common practice for many/most users of yt-dlp, and as such we should keep this issue open until there is some kind of solution applied to yt-dlp

I’ve uploaded a cookie regenerator on my gist. It can be easily ported to youtube just by changing the urls, I guess.

https://gist.github.com/szv99/f78c032736443fab51075bc45f9faf09

I’m noticing this too. Will need some investigation.

I suspect there might have been a change where active requests in the browser are causing cookies to be replemised.

I first tried to export cookies and use --cookies “%~dp0\cookies.txt” to specify cookies, but after a few minutes, it became invalid. When I downloaded member-only videos, it prompted me to need a higher level. permission.

Later, I used the --cookies-from-browser firefox parameter and logged in to YouTube in the browser. Everything worked fine at first, but after a few minutes to dozens of minutes, the same cookie failure occurred.

It seems that youtube is rapidly invalidating cookies for IP addresses that have been flagged (e.g. data center IPs) or blocked (you would be getting 403 error responses from videoplayback URL requests without cookies).

Using --cookies-from-browser would be the simplest way around this. You may need to refresh the cookies in browser; so if you need full automation you could have an external script launch firefox pointing to youtube dot com before executing yt-dlp