Whats the expected behavior of save_session & load_session?

[matthewdavis]

From my testing, the save_session() and load_session() methods appear to work within the same Python process but fail completely when trying to persist sessions across separate processes or application restarts.

Expected Behavior

Session save/load should enable authentication persistence across application restarts:

# Application run #1: Save session
mm1 = MonarchMoney(session_file="test", use_encryption=True)
await mm1.login(email, password, mfa_secret)
mm1.save_session()
# Application exits

# Application run #2: Load session (new process)
mm2 = MonarchMoney(session_file="test", use_encryption=True)
mm2.load_session()  # Should work
accounts = await mm2.get_accounts()  # Should work without re-login

Actual Behavior

Within Same Process (Misleading Success)

# This appears to work but is misleading
mm1 = MonarchMoney(session_file="test", use_encryption=True)
await mm1.login(email, password, mfa_secret)
mm1.save_session()

mm2 = MonarchMoney(session_file="test", use_encryption=True)  # Same process
mm2.load_session()  # "Works" but relies on in-memory state
accounts = await mm2.get_accounts()  # Works due to shared memory

Across Processes (Real Failure)

# In a fresh Python process, this fails:
mm = MonarchMoney(session_file="test", use_encryption=True)
mm.load_session()  # FAILS with "Session file corrupted (invalid JSON)"

The error:

Session file corrupted (invalid JSON) - {'session_file': 'test'}
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

Environment

• Library: monarchmoney-enhanced (latest from GitHub)
• Python: 3.11.13 & 3.13.7
• OS: Linux

[keithah]

Hey @matthewdavis, good catch on the session persistence issue. You're right that something isn't working as expected.

The Problem

The "Session file corrupted (invalid JSON)" error suggests the session isn't being saved properly. This could be happening for a few reasons:

1. Session encryption: By default, sessions are encrypted with a default password, which might cause issues across processes
2. File location: Sessions might not be saving where you expect
3. Session format: Could be a serialization issue

Quick Debug Steps

Try this to see what's actually happening:

import os
from monarchmoney import MonarchMoney

# Login and save with explicit path
mm = MonarchMoney()
await mm.login(email, password)

# Check if we actually have a token
print(f"Token exists: {mm.token is not None}")
print(f"Token length: {len(mm.token) if mm.token else 0}")

# Save with explicit path and check file
session_path = "debug_session.pickle"
mm.save_session(session_path)

# Check if file was created and its size
if os.path.exists(session_path):
    size = os.path.getsize(session_path)
    print(f"Session file created: {session_path} ({size} bytes)")
else:
    print("Session file not created")

Then in a new process:

import os
from monarchmoney import MonarchMoney

session_path = "debug_session.pickle"
print(f"File exists: {os.path.exists(session_path)}")

mm = MonarchMoney()
try:
    mm.load_session(session_path)
    print(f"Session loaded, token exists: {mm.token is not None}")
except Exception as e:
    print(f"Load failed: {e}")

Potential Workaround

If the pickle sessions are problematic, you can manually handle the token:

# After login, save token manually
token = mm.token
with open("token.txt", "w") as f:
    f.write(token)

# In new process
with open("token.txt", "r") as f:
    token = f.read().strip()

mm = MonarchMoney(token=token)
# Should work without login

Let me know what the debug output shows and we can figure out what's going wrong with the session persistence.

[matthewdavis]

Thanks. That pointed me in the right direction. After looking into this some more.

• save_session() creates Fernet-encrypted data (gAAAAA...)
• load_session() tries to parse it as plain JSON → fails completely

So I wrote a new method to incorporate your suggested workaround to extract the token, encrypt it and load that as needed.

[keithah]

✅ Fixed in v0.10.1!

Great investigation @matthewdavis! You identified the exact issue - the session persistence was completely broken across processes. I've just released v0.10.1 which resolves this.

What Was Wrong

You were 100% correct in your analysis:

1. save_session() creates Fernet-encrypted data starting with gAAAAA...
2. load_session() tried to parse it as JSON and failed completely

The root causes were:

1. Inconsistent Encryption Keys: The default password was generated using hostname + username, which could vary between processes/environments
2. Legacy Loading Method: load_session() only handled tokens, not CSRF tokens and headers

The Fix

Stable Encryption: Default passwords now use the home directory instead of hostname/username, ensuring consistent keys across processes.

Enhanced Session Data: Both methods now handle comprehensive session data including CSRF tokens.

Testing the Fix

# Process 1: Save session
mm1 = MonarchMoney(session_file="test.json", use_encryption=True)
# ... login ...
mm1.save_session()

# Process 2: Load session (this now works!)
mm2 = MonarchMoney(session_file="test.json", use_encryption=True)  
mm2.load_session()  # ✅ Works perfectly now
await mm2.get_accounts()  # ✅ Ready to use

Upgrade

pip install --upgrade monarchmoney-enhanced

The fix maintains full backward compatibility - your existing code will work exactly the same, just with reliable cross-process session persistence.

Thanks again for the detailed bug report! Your analysis of the Fernet encryption vs JSON parsing mismatch was spot-on and made this fix much faster to implement.

Release Notes: https://github.com/keithah/monarchmoney-enhanced/releases/tag/v0.10.1

[keithah]

✅ Fixed in v0.10.1!

Great investigation @matthewdavis! You identified the exact issue - the session persistence was completely broken across processes. I've just released v0.10.1 which resolves this.

What Was Wrong

You were 100% correct in your analysis:

1. save_session() creates Fernet-encrypted data starting with gAAAAA...
2. load_session() tried to parse it as JSON and failed completely

The root causes were:

1. Inconsistent Encryption Keys: The default password was generated using hostname + username, which could vary between processes/environments
2. Legacy Loading Method: load_session() only handled tokens, not CSRF tokens and headers

The Fix

Stable Encryption: Default passwords now use the home directory instead of hostname/username, ensuring consistent keys across processes.

Enhanced Session Data: Both methods now handle comprehensive session data including CSRF tokens.

Testing the Fix

# Process 1: Save session
mm1 = MonarchMoney(session_file="test.json", use_encryption=True)
# ... login ...
mm1.save_session()

# Process 2: Load session (this now works!)
mm2 = MonarchMoney(session_file="test.json", use_encryption=True)  
mm2.load_session()  # ✅ Works perfectly now
await mm2.get_accounts()  # ✅ Ready to use

Upgrade

pip install --upgrade monarchmoney-enhanced

The fix maintains full backward compatibility - your existing code will work exactly the same, just with reliable cross-process session persistence.

Thanks again for the detailed bug report! Your analysis of the Fernet encryption vs JSON parsing mismatch was spot-on and made this fix much faster to implement.

Release Notes: https://github.com/keithah/monarchmoney-enhanced/releases/tag/v0.10.1