The Cookies tab provides a dedicated interface for managing .ROBLOSECURITY cookies across all stored accounts — independent from the Accounts tab.
Cookie Table
Each row in the cookie table represents one stored account:
| Column | Description |
|---|
| Username | Associated Roblox account name |
| Status | Valid / Expired / Invalid |
| Age | Days since the cookie was last refreshed |
| Age Indicator | 🟢 Under 7 days / 🟡 7–20 days / 🔴 Over 20 days |
| Refresh Button | Per-row button to immediately refresh this cookie |
Cookie Age Indicators
| Color | Age Range | Meaning |
|---|
| 🟢 Green | Under 7 days | Fresh — no action needed |
| 🟡 Yellow | 7–20 days | Getting stale — consider refreshing soon |
| 🔴 Red | Over 20 days | High risk of expiry — refresh immediately |
Refreshing Cookies
Manual Refresh
Click the Refresh button on any row to immediately re-validate and obtain a fresh cookie for that account. The result is logged in the Logs tab.
Bulk Refresh
Click Refresh All to queue every stored cookie for refresh. Refreshes run sequentially with a configurable delay between each one.
| Setting | Default | Description |
|---|
| Delay Between Refreshes | 5 seconds | Pause between each cookie refresh in a bulk run |
Auto Cookie Refresh
A background thread silently refreshes all cookies on a repeating schedule:
| Setting | Key | Default |
|---|
| Auto Cookie Refresh | auto_cookie_refresh | true (enabled) |
| Refresh Interval | cookie_refresh_interval_hours | 24 hours |
| Delay Between Refreshes | cookie_refresh_delay | 5 seconds |
Auto refresh runs entirely in the background — you don’t need to do anything. A log entry is written each time a cookie is successfully refreshed or fails.
How Cookie Refresh Works
Botify uses the auth ticket exchange method to obtain fresh cookies without requiring a new login:
Generate CSRF Token
Requests a CSRF token from the Roblox API using the existing .ROBLOSECURITY cookie.
Exchange for Auth Ticket
Uses the CSRF token + existing cookie to request a Roblox auth ticket.
Obtain Fresh Cookie
Exchanges the auth ticket for a brand-new .ROBLOSECURITY cookie.
Update MongoDB
Saves the fresh cookie to the botify_cookies collection, updating the age timestamp.
Cookies that have been fully invalidated (account banned, manually logged out, or password changed) cannot be refreshed this way. They will be marked Expired and must be re-added via the Accounts tab using Browser Login or Cookie Paste.