# cookies

## Scope

- This directory is for cookie setup docs and local examples only.
- Treat any real browser cookie export as a secret, even if already present locally.

## Runtime Sources

- Authenticated scrapers read raw `Cookie` header strings from environment variables such as `FACEBOOK_COOKIE` and `EBAY_COOKIE`.
- Some core entrypoints also accept explicit cookie strings from request/options; explicit input takes precedence over environment values.

## Safety Rules

- Never commit real cookie values, browser exports, or session files.
- Use placeholder values in docs: `c_user=123; xs=token; fr=request`.
- Do not paste cookie values into logs, tests, fixtures, or generated agent docs.
- If editing this directory, verify diffs do not contain real `c_user`, `xs`, `fr`, `datr`, `sb`, `s`, `ds2`, or `ebay` values.