*(In continuation of: Selenium Teleport: Skip Login Screens Forever)*
Selenium Teleport is a specialized Python library designed to eliminate the 'Login Tax' in browser automation. It works by capturing the complete browser state—including cookies, localStorage, sessionStorage, and IndexedDB—and 'teleporting' it into fresh browser instances. This allows tests to arrive at their destination already authenticated, skipping slow and flaky login flows entirely.
What's New in v2.1.0
A few months ago, I released Selenium Teleport to solve a simple problem: skip login screens in browser automation. Today, I'm releasing v2.1.0 with the security features that make it production-ready.
The Security Problem
The original Selenium Teleport worked great. But there was a problem: state files contain sensitive data.
{
"cookies": [
{"name": "session_id", "value": "abc123xyz789..."},
{"name": "auth_token", "value": "eyJhbGciOiJIUzI1NiIs..."}
],
"localStorage": {
"jwt": "eyJhbGciOiJSUzI1NiIsInR5cCI6..."
}
}Session tokens. JWTs. Authentication credentials. All in plain JSON. For local testing, that's fine. For CI/CD pipelines, shared environments, or any enterprise use case, it's a security risk.
State File Encryption
v2.1.0 introduces Fernet symmetric encryption to ensure your credentials stay private.
import os
from selenium_teleport import create_driver, Teleport
# Generate a key once (save this securely!)
# key = generate_key()
os.environ["TELEPORT_ENCRYPTION_KEY"] = "your-fernet-key-here"
driver = create_driver()
with Teleport(driver, "session.enc", encrypt=True) as t:
if t.has_state():
t.load("https://example.com/dashboard")
else:
driver.get("https://example.com/login")
# Login...The state file is now encrypted at rest. No more plaintext credentials on disk.
Security Validation Layers
Beyond encryption, v2.1.0 adds three critical validation layers:
1. Token Expiry Validation
from selenium_teleport import load_state
# Automatically removes expired cookies before injection
load_state(driver, "session.json", "https://example.com", validate_expiry=True)No more injecting stale tokens that cause silent authentication failures.
2. Domain Validation
# Prevents cross-domain injection attacks
load_state(driver, "evil_state.json", "https://bank.com", validate_domain=True)
# Raises DomainMismatchError if state was saved from a different domainState from `evil.com` can't be loaded into `bank.com`.
3. Input Sanitization
Enterprise-grade input validation is now built-in, protecting against path traversal and SSRF attempts.
Modular Architecture
The original `core.py` was a monologue of 816 lines. v2.1.0 breaks it into 10 focused modules for long-term maintainability.
Exception Hierarchy
No more generic `Exception` catches. v2.1.0 has a proper exception hierarchy for granular error handling.
from selenium_teleport import (
TeleportError, # Base
SecurityError, # Security violations
DomainMismatchError, # Cross-domain attempt
EncryptionError, # Encryption/decryption failed
ExpiredSessionError, # All cookies expired
StateFileNotFoundError, # File doesn't exist
)
try:
load_state(driver, "session.json", "https://example.com")
except DomainMismatchError:
print("Security violation: domain mismatch")
except ExpiredSessionError:
print("Session expired, re-authenticating...")GDPR-Compliant Deletion
For compliance requirements, you can now securely overwrite files before deletion.
from selenium_teleport import delete_state
# Securely overwrite before deletion
delete_state("session.json", secure=True)48 Unit Tests + CI/CD
Full test coverage across all modules ensures reliability. GitHub Actions CI runs tests across Python 3.8-3.12 with linting and security scanning.
pytest tests/ -v
# 48 passedsb-stealth-wrapper v0.4.0 Integration
Updated for the latest sb-stealth-wrapper with `success_criteria` support.
from selenium_teleport import create_driver
with create_driver(use_stealth_wrapper=True, success_criteria="Dashboard") as bot:
bot.safe_get("https://example.com")Get Started
pip install selenium-teleport[security,stealth]