Store cookies for multiple sites on remote server and connect from multiple clients



Would it be secure to:

  1. Store all my website cookies (stack sites, webhost, github, web-based email, etc) on a remote server (using an customized open-source VPN or something)
  2. Login to the server with password + 2fa (and maybe have a trusted devices list?)
  3. Keep the cookies only on the server… never actually download them to any of my devices
  4. When visiting stackexchange.com, for example, my server would send the cookies to stack exchange, get the response, and send it back to me, but REMOVE any cookies & store them only on my server

Benefits (I think):

  1. I could keep diverse and very strong passwords for every website, but don’t store the passwords anywhere digitally (keep them on paper in a safe at home or something)
  2. logging in to all the sites I use on a new device only requires one sign in (to my custom VPN server)
  3. Only cookies would be stored digitally, so if anything went wrong server-side, my passwords would be safe & I could disable all the logins through each site’s web-interface

Problems (I think):

  1. If the authentication to my custom VPN is cracked, then every website I’ve logged into would be accessible
  2. The time & energy & learning required to set something like this up.

Improvement idea:

  1. When I sign in to the server the first time, the server creates an encryption key, encrypts all the cookies with it, and sends the encryption key to me as a cookie. Then on every request, my browser uploads the key, the website’s cookie is decrypted, then the request is made to whatever website I’m visiting. Then only one client could be logged in at a time (unless the encryption cookie were stolen)
  2. Encrypt each cookie with a simple password, short password or pin number
  3. An encryption key that updates daily (somehow)
  4. Keep a remote list of trusted devices, identified by IP address? Or maybe by cookie?

Why not just sign into the browser and sync cookies across devices?

  • Signing into Firefox mobile & Firefox on my computer doesn’t give the cookies to Twitter’s or Facebook’s web-browsers (that frustratingly always open first instead of taking me to my actual browser!)
  • It’s not as cool?
  • That would require me to trust a third-party (of course, I’ll ultimately have to trust my web-host to some extent)