Page 2 of 2

Re: Automatic logon broken

PostPosted: Wed Dec 05, 2018 5:32 pm
by broadblues
MichaelMerkel wrote:it seems the cookie is not set?


A cookie *must* be set else, you could not log in at all.

i removed my old one and there is no new one stored.

regards...
michael


It could have changed to temporary cookie or one with a shorter expiery time perhaps?

Re: Automatic logon broken

PostPosted: Wed Dec 05, 2018 6:01 pm
by Raziel
There is no cookie.

I just checked again with Odyssey cookie list and there is absolutely nothing regarding hyperion-entertainment.biz.

I can log on, but as soon as i leave the site and come back immediately i have to log in again.

There are hyperion cookies in the sql .db file, but they don't come up in Odysseys cookie list

Re: Automatic logon broken

PostPosted: Wed Dec 05, 2018 7:53 pm
by broadblues
Hmmm okay testing a bit more, it seems the session ID to enable login is being sent in the URL. Side stepping the need for a temporary cookie.

The reason I could post without logging in was that I used URL completion and effectively preserved the session ID< which hadn't expired yet.

Ugh. That feels a fraction insecure! Were I to post the URL you might be able to login as me!

Re: Automatic logon broken

PostPosted: Wed Dec 05, 2018 8:10 pm
by Raziel
broadblues wrote:Hmmm okay testing a bit more, it seems the session ID to enable login is being sent in the URL. Side stepping the need for a temporary cookie.

The reason I could post without logging in was that I used URL completion and effectively preserved the session ID< which hadn't expired yet.

Ugh. That feels a fraction insecure! Were I to post the URL you might be able to login as me!

Ouch...
Hopefully some of the maintainers are monitoring this

Re: Automatic logon broken

PostPosted: Thu Dec 06, 2018 10:09 pm
by ssolie
Raziel wrote:Hopefully some of the maintainers are monitoring this

Try emailing webmaster@hyperion-entertainment.com

Re: Automatic logon broken

PostPosted: Sun Dec 09, 2018 11:18 pm
by Cyborg
All requests are now redirected to use the .com domain. This broke the cookie settings, which were still using .biz. Fixed now.

Re: Automatic logon broken

PostPosted: Mon Dec 10, 2018 12:21 am
by tonyw
Yes, fixed now, thanks, Costel.

Re: Automatic logon broken

PostPosted: Fri Dec 14, 2018 10:08 pm
by Raziel
Thank you, Costel