Note: For learning and communication purposes only. Commercial use is strictly prohibited. Please delete within 24 hours. Do not spread on social platforms. If this project is helpful to you, please give it a star, it helps me a lot, thank you!
Please check issues | discussions first if you have questions
English | 简体中文 | Update Log
Cookie-share is a Chrome/Edge/Firefox extension (also available as a Tampermonkey script) that allows users to send and receive cookies between different devices or browsers. It can be used for multiple account switching, video membership sharing, community subscription sharing, and other scenarios. The backend uses self-hosted Cloudflare Worker to ensure data security.
Tampermonkey Script One-Click Install (Recommended) | Mirror | Extension Download
Many websites don't support multiple account switching, don't want to log out and log in again?
Have a video membership subscription, tired of scanning QR codes for friends?
Joined a community platform, want to share costs with classmates?
Simply too lazy to take out your phone or enter passwords when switching devices?
- Go to the homepage of a logged-in website (any address with cookies works)
- Click the extension icon, customize an ID (only letters and numbers supported), send the cookie
- On devices without login, visit the login page, use the ID you just created to get cookies, wait for the extension to show successful cookie retrieval and setup, then refresh the page
Tested websites:
- Certain community platforms
- Certain video platforms
- Certain L sites
- Generate random unique IDs for cookie sharing
- Send cookies from current tab to server
- Receive and set cookies from server to current tab
- Admin features for managing stored cookies
- Due to greater extension permissions, can support
HTTPOnlycookies that JS cannot access
- Install Tampermonkey or other script managers
- One-Click Install | Mirror
- If you encounter cookie permission issues, please enable it in Tampermonkey settings
- Send Cookie from logged-in browser page
- Accept Cookie on non-logged-in browser page
- Note: Don't add
/after the address, example:https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET}
- Enable browser developer mode:
- Chrome/Edge: Visit
chrome://extensions/ - Firefox: Visit
about:debugging#/runtime/this-firefox
- Chrome/Edge: Visit
- Load extension:
- Chrome/Edge: Drag
cookie-share.zipdirectly into browser - Firefox: Temporarily load
cookie-share.xpifile or install from Firefox Add-ons
- Chrome/Edge: Drag
- Click Cookie-share icon in browser toolbar
- Send Cookie from logged-in browser page
- Accept Cookie on non-logged-in browser page
- Note: Don't add
/after the address, example:https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET}
- Register Cloudflare account and create a Worker
- Copy contents of _worker.js to newly created Worker
- Add following environment variables in Cloudflare Worker settings:
ADMIN_PASSWORD: Set a strong password for accessing admin endpointsPATH_SECRET: Set a strong string to prevent brute force attacksCOOKIE_STORE: Create a KV namespace for storing cookie data
- Bind KV namespace in Worker settings:
- Variable name:
COOKIE_STORE - KV namespace: Select your created KV namespace
- Variable name:
- Save and deploy Worker
- Note Worker URL format:
https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET}(use custom domain if blocked)
- Ensure
ADMIN_PASSWORDis set to a strong password and changed regularly - Don't hardcode
ADMIN_PASSWORDin code, always use environment variables - Regularly review stored data, delete unnecessary cookie data
- Consider setting expiration times for cookie data to reduce risk of storing sensitive information long-term
- Use
PATH_SECRETin worker config to prevent brute force attacks - Set complex project names and disable built-in workers.dev domain
If /{PATH_SECRET}/admin/* endpoints have issues, check if X-Admin-Password is added or use CF official KV management page
Backend implemented as Cloudflare Worker, provides following endpoints:
Note: Add X-Admin-Password: yourpassword
Example:
/{PATH_SECRET}/admin/list-cookies
curl --location --request GET 'https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET}/admin/list-cookies' \
--header 'X-Admin-Password: yourpassword'/{PATH_SECRET}/admin/delete
curl --location --request DELETE 'https://your-worker-name.your-subdomain.workers.dev/{PATH_SECRET}/admin/delete?key={yourid}' \
--header 'X-Admin-Password: yourpassword'Available endpoints:
POST /{PATH_SECRET}/send-cookies: Store cookies associated with unique IDGET /{PATH_SECRET}/admin: Access admin management pageGET /{PATH_SECRET}/admin/list-cookies: List all stored cookie IDs and URLsGET /{PATH_SECRET}/admin/list-cookies-by-host: List cookies filtered by hostnameDELETE /{PATH_SECRET}/admin/delete: Delete data for given keyPUT /{PATH_SECRET}/admin/update: Update data for given keyOPTIONS /{PATH_SECRET}/: Handle CORS preflight requests
Admin management page provides user-friendly interface for managing cookies and other data stored in Worker. Includes viewing all stored cookies, creating new cookie entries, updating existing cookies, and deleting individual cookies or all stored data.
To access admin page, navigate to https://your-worker-name.your-subdomain.workers.dev/admin in browser. Admin password required before accessing management interface.
Admin endpoints require authentication using admin password.
manifest.json: Extension configuration filepopup.html: HTML structure for extension popuppopup.js: JavaScript for handling user interactions and cookie operationsstyle.css: CSS styles for popup_worker.js: Cloudflare Worker script for backend operations
Modifying extension:
- Edit relevant files (
popup.html,popup.js,style.css) - Reload extension in Chrome to see changes
Modifying backend:
- Edit
_worker.jsfile - Deploy updated Worker to Cloudflare
- Future updates will focus on Tampermonkey script, extension temporarily not updated
aBER0724 (aBER) - Contributed initial Tampermonkey script version
Contributions welcome! Feel free to submit Pull Requests.
MIT