Page 2 of 2

Re: Automatic logon broken

Posted: Wed Dec 05, 2018 4:32 pm
by broadblues
MichaelMerkel wrote:it seems the cookie is not set?
A cookie *must* be set else, you could not log in at all.
i removed my old one and there is no new one stored.

regards...
michael
It could have changed to temporary cookie or one with a shorter expiery time perhaps?

Re: Automatic logon broken

Posted: Wed Dec 05, 2018 5:01 pm
by Raziel
There is no cookie.

I just checked again with Odyssey cookie list and there is absolutely nothing regarding hyperion-entertainment.biz.

I can log on, but as soon as i leave the site and come back immediately i have to log in again.

There are hyperion cookies in the sql .db file, but they don't come up in Odysseys cookie list

Re: Automatic logon broken

Posted: Wed Dec 05, 2018 6:53 pm
by broadblues
Hmmm okay testing a bit more, it seems the session ID to enable login is being sent in the URL. Side stepping the need for a temporary cookie.

The reason I could post without logging in was that I used URL completion and effectively preserved the session ID< which hadn't expired yet.

Ugh. That feels a fraction insecure! Were I to post the URL you might be able to login as me!

Re: Automatic logon broken

Posted: Wed Dec 05, 2018 7:10 pm
by Raziel
broadblues wrote:Hmmm okay testing a bit more, it seems the session ID to enable login is being sent in the URL. Side stepping the need for a temporary cookie.

The reason I could post without logging in was that I used URL completion and effectively preserved the session ID< which hadn't expired yet.

Ugh. That feels a fraction insecure! Were I to post the URL you might be able to login as me!
Ouch...
Hopefully some of the maintainers are monitoring this

Re: Automatic logon broken

Posted: Thu Dec 06, 2018 9:09 pm
by ssolie
Raziel wrote:Hopefully some of the maintainers are monitoring this
Try emailing webmaster@hyperion-entertainment.com

Re: Automatic logon broken

Posted: Sun Dec 09, 2018 10:18 pm
by Cyborg
All requests are now redirected to use the .com domain. This broke the cookie settings, which were still using .biz. Fixed now.

Re: Automatic logon broken

Posted: Sun Dec 09, 2018 11:21 pm
by tonyw
Yes, fixed now, thanks, Costel.

Re: Automatic logon broken

Posted: Fri Dec 14, 2018 9:08 pm
by Raziel
Thank you, Costel