Question about the login process.

[DerErzengel]

Hello dear ASF team,

I am very enthusiastic about your program and it really works very well! The program has motivated me to try something with the Steam API myself and to write some scripts that track certain community mark histories.
But I always need a session cookie from Steam (steamLoginSecure). How does ASF get this cookie? Is there a way to get this cookie automatically?

Thank you very much for your answers!

[JustArchi]

ASF goes through login gate set up by Steam, we use SteamKit2 library for that, passing the gate requires login, password and optionally also 2FA detail such as mobile token or e-mail one.

After passing the gate, we're given access and refresh token to work. Access token is valid only for around 24h, while refresh token is valid for much longer period. Refresh token is used to obtain new access token when old one is close to expiration, it's also used for refreshing the refresh token as well. The cookie value you've asked is created from constructing {steamID}||{accessToken} value, where access token is as described before, while steamID is simply steam identificator of the account in its 64-bit form.

You have the full source of ASF if you want to dig deeper and see the code responsible for above. You might also have more luck coding your stuff using ASF plugins, which will allow you to use existing ASF mechanisms and skip 9 years of headaches that we (especially me) had to resolve before you. Or do it the hard way if you like 😉

[DerErzengel]

Thank you very much for your answer! You have very good points there, and I think I won't be able to realize it without using ASF. You only work with Steam Session Cookies and not the Steam API, right?

Could I then get the session cookie for my program (ASF is running for me anyway) every 24 hours and continue working with it in another program?
I would like to work with the Steam Community Market only. Is there any Advantage using ASF directly with C# rather than trying to develope my programm in Python or Java in this Usecase?

[JustArchi]

ASF works with everything, for API access token can be used instead of API key in some endpoints, other require API key or different credentials.

Could I then get the session cookie for my program (ASF is running for me anyway) every 24 hours and continue working with it in another program?

That's not supported scenario, ASF credentials, including tokens, are expected to be used by ASF exclusively. Most likely they'll not work for you either due to different user-agents, method of obtaining them (CM servers) and likewise, even if you "steal" them from ASF.

Is there any Advantage using ASF directly with C# rather than trying to develope my programm in Python or Java in this Usecase?

Advantage includes not wasting hours trying to get all the missing bits and pieces together by writing code that can focus on your needs right away. You could like, skip whole this thread asking how to obtain session cookies and just tell ASF to send your web request. If you intend to go hard way and do it yourself then you're more than welcome to, but don't expect from me to do your homework in how to get there, I've already spent last 9 years doing it in ASF 🙂

[DerErzengel]

Wow, that was a quick answer, thank you!

You're 100% right, of course. I'll try to read more of your good and really detailed documentation to get a bit more understanding.
And much respect for creating such an awesome tool!

[DerErzengel]

Quick question: Where can I find the information about ArchiWebHandler?

[Rudokhvist]

Source code.

[nolddor]

https://github.com/JustArchiNET/ArchiSteamFarm/blob/main/ArchiSteamFarm/Steam/Integration/ArchiWebHandler.cs