get all tokens if other window refresh token

addon/background.js

@@ -20,7 +20,7 @@ chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
         return;
       }
       const [orgId] = cookie.value.split("!");
-      const orderedDomains = ["salesforce.com", "cloudforce.com", "salesforce.mil", "cloudforce.mil", "sfcrmproducts.cn", "force.com", "salesforce-setup.com"];
+      const orderedDomains = ["salesforce.com", "cloudforce.com", "salesforce.mil", "cloudforce.mil", "sfcrmproducts.cn", "force.com", "salesforce-setup.com", "visualforce.com", "sfcrmapps.cn", "force.mil", "visualforce.mil", "crmforce.mil"];
 
       orderedDomains.forEach(currentDomain => {
         chrome.cookies.getAll({name: "sid", domain: currentDomain, secure: true, storeId: sender.tab.cookieStoreId}, cookies => {
@@ -45,6 +45,23 @@ chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
     });
     return true; // Tell Chrome that we want to call sendResponse asynchronously.
   }
+  if (request.message == "getAllSessions") {
+    chrome.cookies.get({url: "https://" + request.sfHost, name: "sid", storeId: sender.tab.cookieStoreId}, cookie => {
+      if (!cookie) { //Domain used by Microsoft Defender for Cloud Apps, where sid exists but cannot be read
+        sendResponse(null);
+        return;
+      }
+      const [orgId] = cookie.value.split("!");
+      const orderedDomains = ["salesforce.com", "cloudforce.com", "salesforce.mil", "cloudforce.mil", "sfcrmproducts.cn", "force.com", "salesforce-setup.com", "visualforce.com", "sfcrmapps.cn", "force.mil", "visualforce.mil", "crmforce.mil"];
+
+      orderedDomains.forEach(currentDomain => {
+        chrome.cookies.getAll({name: "sid", domain: currentDomain, secure: true, storeId: sender.tab.cookieStoreId}, cookies => {
+          sendResponse(cookies.filter(c => c.value.startsWith(orgId + "!")).map(c => ({key: c.value, hostname: c.domain})));
+        });
+      });
+    });
+    return true; // Tell Chrome that we want to call sendResponse asynchronously.
+  }
   return false;
 });
 chrome.runtime.onInstalled.addListener(({reason}) => {

addon/inspector.js

@@ -106,20 +106,24 @@ export let sfConn = {
       let oldToken = localStorage.getItem(this.instanceHostname + ACCESS_TOKEN);
       if (oldToken){
         sessionError = error;
-        let message = await new Promise(resolve =>
-          chrome.runtime.sendMessage({message: "getSession", sfHost: this.instanceHostname}, resolve));
-        if (message && message.key && message.key != oldToken) {
-          this.instanceHostname = getMyDomain(message.hostname);
-          this.sessionId = message.key;
-          localStorage.setItem(this.instanceHostname + ACCESS_TOKEN, message.key);
-          return await this.rest(url, {logErrors, method, api, body, bodyType, responseType, headers, progressHandler, withoutCache: true});
-        } else {
-          showInvalidTokenBanner();
-          let err = new Error();
-          err.name = "Unauthorized";
-          err.message = error;
-          throw err;
+        let cookies = await new Promise(resolve =>
+          chrome.runtime.sendMessage({message: "getAllSessions", sfHost: this.instanceHostname}, resolve));
+        if (cookies && cookies.length > 0) {
+          //first new token
+          //potentially 2 old tokens so not perfect
+          let message = cookies.find(c => c.key && c.key != oldToken);
+          if (message) {
+            this.instanceHostname = getMyDomain(message.hostname);
+            this.sessionId = message.key;
+            localStorage.setItem(this.instanceHostname + ACCESS_TOKEN, message.key);
+            return await this.rest(url, {logErrors, method, api, body, bodyType, responseType, headers, progressHandler, withoutCache: true});
+          }
         }
+        showInvalidTokenBanner();
+        let err = new Error();
+        err.name = "Unauthorized";
+        err.message = error;
+        throw err;
       }
     } else if (xhr.status == 431) {
       let err = new Error();