Maintain Xfinity account session (less password resets) #39
Conversation
|
Thanks for the addition. Can you lint the changes. I have added cookies in past and ran it for a couple of months and saw no difference for password resets. Has this made a difference for you? I even tried turning on 2fa and automating that and still no change. If you look at the Xfinity forums there are many posts about forced password reset. So I think it's a very tight system on their side to flag an account. |
You're welcome. I've implemented your suggestions and cleaned up the code with linting. Adding cookies has made a significant difference for me. I'm fetching the latest usage every 15 minutes, and prior to implementing this change, my account password would need to be reset two to three times per day. Sometimes the reset would fail, and I would have to manually reset the password and update my config. Since I implemented the cookie storage, I have not had to reset my password once, and from looking through the logs, my session has been maintained the entire time as well. I'm not sure how you implemented cookies before, but my approach here was to always ensure the latest cookies are persisted. Loading up the account page on line 154 submits the latest cookies to Xfinity, and the response contains a refreshed session cookie which can then be saved and reused for the next fetch. The nice thing about this approach is if for some reason the session expires, you're already on the login page and can submit the credentials and reauthenticate without having to load up a separate page. From Xfinity's perspective, this traffic should look like a single login with the user refreshing the page from time to time, maintaining the session. This should look less suspicious since the login phase can be completely avoided, assuming the refresh interval is set low enough the session does not expire. |
I've been getting tons of Xfinity password resets and I've made an enhancement that will cut down on it.
Instead of logging in every single time, this PR will persist the cookies that contain the session information to the filesystem. The cookies will be reused on every fetch, and if the fetch occurred recently, the session will be maintained, avoiding a login.
If for some reason the session does expire, the fetch will login in again and follow the exact same logic for passwords resets as before.
In addition to this cookies, I made a small change for compliance with TypeScript 4.4: https://www.typescriptlang.org/docs/handbook/release-notes/typescript-4-4.html#using-unknown-in-catch-variables