Quick answer
Log into the website first (email, password, SSO, whatever), then open the page with the images you want to download. Click the extension and download as usual. The extension can access anything your logged-in browser can see.
Not all images live on public websites. Client portfolios, private Dropbox galleries, members-only photo libraries, and paywalled content all require login. The good news: if you can see the images in your browser, the extension can download them.
bulkimagedownloader.site · Bulk Image Downloader
Click "Scan page"
finds every image, even lazy-loaded ones
IMG
product-photo-1.jpg
Done . 0.9s
IMG
gallery-hero.png
Done . 1.1s
IMG
banner-2024.webp
82%
3 of 28 converted
0 uploaded
How login-protected downloads work
The extension works the same way your browser does:
- You visit a website and log in (email + password, or SSO like Google/Microsoft).
- The website sets a cookie in your browser that says "this user is authenticated".
- Every request your browser makes includes that cookie, so the server knows you have permission to access the page.
- The extension runs inside your browser and has access to the same cookies. It can access the same pages you can.
In other words: if you can see the images by visiting the page logged-in, the extension can download them.
Step by step: download from a login-required site
- Open the website in your browser.
- Log in (email, password, SSO, two-factor, whatever).
- Navigate to the page with images you want to download.
- Confirm you can see the images (they display in your browser).
- Click the Bulk Image Downloader extension icon.
- Download as usual.
The extension downloads with the same authentication your browser is already using.
Common login scenarios
- Email + password login: Log in on the website; extension downloads.
- SSO (Google, Microsoft, GitHub): Approve the login popup; extension downloads.
- Two-factor authentication (2FA): Complete the 2FA flow in your browser; extension downloads (no 2FA prompt for the extension because you are already authenticated).
- API token or API key: Some services require an API key instead of login. The extension cannot use API keys; you would need a custom script or CLI tool.
- Paywalled content (Medium, Substack): If you are a subscriber and logged in, you can see the content; the extension can access it.
Privacy and security
Logging in to download from private pages is safe if:
- You trust the website. You would not trust a website with your password anyway, so if you logged in, you should trust it with the extension.
- The extension is legitimate. Bulk Image Downloader is open-source and has no access to your login credentials; it only uses the authenticated session your browser already has.
- The connection is HTTPS. All modern logins use HTTPS (URL starts with "https://"). If it does not, do not log in anywhere.
The extension never stores your passwords or credentials. It only accesses what your browser can already see.
When login-protected downloads might not work
- JavaScript-only logins (SPAs): Some single-page apps require JavaScript interactions after login. The extension might have trouble if login state is stored in JavaScript memory, not cookies.
- Session expiration: If your login session expires (after 1 hour of inactivity, for example), the extension will fail. Re-login and try again.
- API-gated content: If the website uses an API token instead of cookies, the extension cannot authenticate. You would need to use the API directly or a custom script.
- Geo-blocking or IP restrictions: If the website blocks certain countries or IPs, the extension is still subject to the same restrictions.
At-a-glance comparison
| Scenario | Extension works? | Workaround |
|---|---|---|
| Email + password login | Yes | Log in first |
| SSO (Google, GitHub) | Yes | Approve SSO prompt |
| Two-factor auth | Yes | Complete 2FA in browser |
| API token only | No | Use API or CLI tool |
| Session expired | No | Log in again |
| Geo-blocked | Subject to block | Use VPN (if allowed) |
Frequently asked questions
Is it safe to use the extension on password-protected pages?
Yes. The extension uses your browser's authenticated session, same as if you were viewing the page yourself. Your password is never shared with the extension.
Will my login session stay active?
Usually yes, unless the website has a short session timeout. If your session expires, log back in and try again.
Can the extension access two-factor authenticated sites?
Yes, if you complete the 2FA flow in your browser first. The extension then uses the authenticated session.
What if the website uses API tokens instead of login?
The extension cannot use API tokens. You would need to use the website's API directly or write a custom script.
Can I download from a site that blocks screenshots?
If the site allows you to view the images (not blocked by JavaScript), the extension can download them.
