Could you elaborate on cloud runs and cookies? E.g.:
- How are the cookies obtained? I saw that in the video you clicked the "add" button at 1:36, how does this work and what happens behind the scenes?
- How long do the cookies remain in use? Does the user have to refresh cookies manually at some point?
The cookies are used for as long as the user keeps them in the cloud flow. (Browserflow doesn't try to be smart and automatically refresh the cookies on your behalf because there are scenarios like using multiple accounts in the same browser, etc.) Most major sites use quite long expiration dates for cookies (a year is fairly common) so there usually aren't issues with cookies becoming invalid for a while.
Several years ago I implemented a similar feature just reversed - A remote machine logs a user in, then passes the cookies that result from login to an extension running in the user's browser, which drops them into the browser's cookie jar.
Worked very nicely, right until you run it to log into a service like GMail.
Then Google correctly notes that you're using the same cookie in two different locations, assumes you've been session-jacked (and you have, really - you just did it willingly), and locks EVERYTHING. It took a notarized copy of my drivers license before they let me back in.
I don't know how accurate Google can be, though, as I route Gmail traffic from the same cookie through three ISPs and a self hosted VPN, without refreshing.