Mousehole Cookie Sharing

[t-mart]

Hi there,

I noticed that MouseSearch may be querying Mousehole for its current cookie in order to authenticate to other MAM API endpoints:

1. MouseSearch/app.py

   Lines 3094 to 3099 in 2c6c28b

   	current_cookie = normalize_mam_cookie_value(state.get("currentCookie"))
   	mousehole_last_host_ip = str((state.get("host") or {}).get("ip") or "").strip()
   	mousehole_cookie_last_refresh = time.monotonic()
   	if current_cookie:
   	mam_session_cookies["mam_id"] = current_cookie
   	mousehole_last_mam_cookie = current_cookie

2. MouseSearch/app.py

   Lines 3755 to 3772 in 2c6c28b

   	mam_id_present = bool(mam_session_cookies.get("mam_id"))
   	if not url:
   	message = "MAM API URL is not configured."
   	app.logger.warning("[MAM-API] %s url=%s mam_id_present=%s", message, sanitized_url, mam_id_present)
   	return {"data": None, "message": message, "status_code": 500}
   	if not mam_id_present:
   	if uses_mousehole_mam_cookie():
   	message = mousehole_cookie_last_error or "Mousehole MAM cookie is not configured."
   	else:
   	message = "MAM session ID is not configured."
   	app.logger.warning("[MAM-API] %s url=%s mam_id_present=%s", message, sanitized_url, mam_id_present)
   	return {"data": None, "message": message, "status_code": 401}
   	api_url = f"{url}/jsonLoad.php"
   	try:
   	response = await request_mam("GET", api_url, cookies=mam_session_cookies, timeout=10)

If that's what's happening, it would cause both applications to break intermittently. The mam_id cookie rotates on every request: when a client sends cookie value A, MAM invalidates A and returns a new value B in the response. Only that client now has B. Any other client still holding A will fail to authenticate on its next request.

The fix is to create a separate MAM session for MouseSearch on the Security Settings page, which gives it its own independent cookie chain. That way the two applications don't interfere with each other.

Happy to clarify anything if helpful!