# OpenClaw RPA — Auto-Login Tutorial

> **Background:** E-commerce checkout, hotel booking, and enterprise intranets often involve SMS OTP, CAPTCHA sliders, or QR-code scans that automation scripts cannot bypass directly. OpenClaw RPA's **auto-login** approach is: **user completes one real login → the framework saves cookies automatically → subsequent recordings and replays inject them automatically**, sidestepping verification challenges entirely while keeping recorded steps focused on business actions, not the login flow.

---

## Command Quick Reference

| Command | Description |
|---------|-------------|
| `#rpa-login <login-page-URL>` | Open a headed browser to the given login page; wait for you to complete login manually |
| `#rpa-login-done` | Send after login is complete — exports cookies and closes the browser |
| `#rpa-autologin <domain-or-URL>` | Add to your task description; cookies are injected before recording or replay |
| `#rpa-autologin-list` | List all saved login sessions with reference expiry status |
| `#rpa-help` | Show the full bilingual command reference |

Default cookie storage path: `~/.openclaw/rpa/sessions/<domain>/cookies.json`  
(**Never commit this file to git.**)

---

## Workflow

```
① #rpa-login <url>          Open browser → you log in (password / SMS / slider / whatever)
         ↓
② #rpa-login-done           Framework exports cookies → saves to local session file
         ↓
③ Start recording task       Add #rpa-autologin <domain> to the task description
         ↓
④ Browser auto-injects cookies   Opens directly at the post-login page — no re-login needed
         ↓
⑤ Record only business steps     Search, sort, submit, screenshot…
         ↓
⑥ Generate script            CONFIG gets cookies_path automatically; replay injects the same way
```

---

## Example: Sauce Demo — Sort Products by Price High → Low

> **Site:** [saucedemo.com](https://www.saucedemo.com)  
> **Scenario:** Save login session → open the product list directly → sort by price high to low  
> **Materials:** Full commands and screenshots below

### Step 1 — Save the login session

In the OpenClaw chat, send:

```
#rpa-login https://www.saucedemo.com/
```

A headed browser opens and navigates to the login page:

![Sauce Demo login page](../images/autoLogin_1.png)

Enter the Sauce Demo credentials:

- Username: `standard_user`
- Password: `secret_sauce`

Click **LOGIN**. Once the product list page appears, go back to the chat and send:

```
#rpa-login-done
```

The framework prints a confirmation:

```
✅ Cookie saved → ~/.openclaw/rpa/sessions/saucedemo.com/cookies.json
   Domain: saucedemo.com — 1 cookie (1 session-type)
   ⚠️  All cookies are session-type; no fixed expiry — treat as valid while the browser session holds.

   To auto-inject next time, add to your task description: #rpa-autologin saucedemo.com
```

![login-done output](../images/autoLogin_2.png)

### Step 2 — Record the sort business step

Paste the following task prompt in one message:

```
#rpa-autologin saucedemo.com

1. Open https://www.saucedemo.com/inventory.html
2. Sort products by price high to low
```

The system detects `#rpa-autologin saucedemo.com`, confirms the cookie file exists, and replies:

```
✅ Found a saved login cookie for saucedemo.com — it will be injected automatically next recording.
   Ready to start. What would you like to name this task?
```

Reply with a task name (e.g. `AutoLoginV3`). The system starts recording:

```bash
python3 rpa_manager.py record-start "AutoLoginV3" --autologin saucedemo.com
```

The browser opens `inventory.html` directly — **no re-login required**:

![Browser opened with injected cookie — product list ready](../images/autoLogin_3.png)

The AI then executes the sort step:

```
record-step '{"action":"goto","url":"https://www.saucedemo.com/inventory.html"}'
record-step '{"action":"snapshot"}'
record-step '{"action":"select_option","selector":".product_sort_container","value":"hilo"}'
record-step '{"action":"snapshot"}'
```

Screenshot confirming the sort:

![Products sorted price high → low](../images/autoLogin_5.png)

Send `#end`. The script `rpa/autologinv3.py` is generated.  
`CONFIG` in the output script automatically includes:

```python
CONFIG = {
    ...
    # Path to saved login cookies (generated by #rpa-login; leave empty to skip injection)
    "cookies_path": "/Users/<your-username>/.openclaw/rpa/sessions/saucedemo.com/cookies.json",
}
```

### Step 3 — Replay

```bash
# From a new chat:
#rpa-run:AutoLoginV3

# Or directly:
python3 ~/.openclaw/workspace/skills/openclaw-rpa/rpa/autologinv3.py
```

The script injects the cookie, opens the product list immediately, and completes the sort.

https://github.com/user-attachments/assets/233659db-f5c4-44c1-9245-0bcf53b9dfa1

---

## What to Do When Cookies Expire

| Symptom | Action |
|---------|--------|
| Script or recording redirects back to the login page | Session expired — follow the steps below |
| `login-list` shows 🔴 past reference date | Reference date passed; session likely expired |
| `login-list` shows 🟡 expiring within 7 days | Refresh proactively |

**Refresh in two commands:**

```
#rpa-login <original-login-page-URL>
→ Log in again in the browser
#rpa-login-done
```

The new cookie overwrites the old file; the next recording or replay picks it up automatically.

---

## View All Saved Login Sessions

```
#rpa-autologin-list
```

Or from a terminal:

```bash
python3 rpa_manager.py login-list
```

Sample output:

```
Domain                           Count  Session  Saved at               Status
────────────────────────────────────────────────────────────────────────────────────────────
saucedemo.com                        1       1   2026-04-07T11:01:00    ⚠️  No fixed expiry (session-type)
```

---

## FAQ

**Q: I sent `#rpa-autologin` but it says "session not found".**  
A: You haven't saved a cookie for that domain yet. Send `#rpa-login <login-page-URL>` to complete a real login first.

**Q: Where is the cookie file? Can I supply one manually?**  
A: Default path: `~/.openclaw/rpa/sessions/<domain>/cookies.json`. If you already have a Playwright-compatible cookie JSON (exported from Chrome DevTools, EditThisCookie, etc.), just drop it at that path — no need to run `#rpa-login`.

**Q: I need to log into several sites. Is that supported?**  
A: Yes. Run `#rpa-login` + `#rpa-login-done` for each site. Sessions are stored in separate per-domain subdirectories and don't interfere with each other.

**Q: Can I use the generated script on another machine?**  
A: Yes. Copy `~/.openclaw/rpa/sessions/<domain>/cookies.json` to the same path on the target machine, and point `CONFIG["cookies_path"]` to it.

**Q: Playwright can inject `httpOnly` cookies too?**  
A: Yes. `context.add_cookies()` accepts all standard cookie attributes — `httpOnly`, `secure`, `sameSite` — and behaves the same as a real browser.

---

## Related Docs

- [SKILL.en-US.md](../SKILL.en-US.md) — Full state machine and recording protocol
- [scenario-ap-reconciliation.md](scenario-ap-reconciliation.md) — AP reconciliation case (API + Excel + Word)
- [python-snippet-design.md](python-snippet-design.md) — `python_snippet` design and execution environment