The app persists your VRChat authentication state in a config.json file located relative to the executable. This file is created automatically on first login.
Never share your config.json file. It contains your VRChat auth cookie, which grants full access to your account without requiring a password.
File location
config.json # relative to the executable
JSON schema
{
"auth_cookie": "authcookie_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"user_id": "usr_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"last_login": "2024-01-15T10:30:00Z",
"remember_me": true
}
Field descriptions
| Field | Type | Description |
|---|
auth_cookie | string | VRChat auth cookie extracted from the login response. Used as the auth cookie header for all API requests. |
user_id | string | Your VRChat user ID, retrieved from the auth/user endpoint after a successful login. |
last_login | string | null | ISO 8601 timestamp of the last successful login. Set to null when remember_me is false. |
remember_me | boolean | Whether to persist credentials between sessions. When false, auth_cookie and user_id are cleared after the session ends. |
Startup behavior
When the app starts, it reads config.json and checks whether auth_cookie is non-empty. If a valid cookie is present, the app skips the login screen and goes directly to the avatar browser.
If config.json does not exist or auth_cookie is empty, the app shows the login screen.
remember_me behavior
When you log in with Remember me unchecked:
auth_cookie is cleared from config.json after the sessionuser_id is cleared from config.json after the sessionlast_login is set to null- You will be prompted to log in again on next launch
When Remember me is checked, all fields are written and persist between launches.
config.json is stored as plain text JSON for simplicity. It is not encrypted. Treat it with the same care as a password.
Forcing re-login
To force the app to prompt for login on next launch, either delete config.json entirely or clear the auth_cookie value:
# Delete the file entirely
rm config.json
config.json and set auth_cookie to an empty string:
{
"auth_cookie": "",
"user_id": "",
"last_login": null,
"remember_me": false
}