Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon
Community Center F.A.Q (Last Updated: 2024 Nov 30 3:10 am)
Oh, yes, this is fairly well known. The only real solution is to make sure you (anyone) does not include the sessionID with ANY link given out. Gotta be careful. AgentSmith
Contact Me | Gallery |
Freestuff | IMDB
Credits | Personal
Site
"I want to be what I was
when I wanted to be what I am now"
Or just sent the item number. Just through of that one! LOL!
Helping everyone is the most rewarding failure you'll ever experience.
- Ray Augé (~Wolfie~'s hubby)
Anything is more stable than Windows . . .
--- Even a relationship based purely on sex!
- Pam Augé (~Wolfie~)
No meat was harmed during the making of this TV dinner.
- Pam Augé (~Wolfie~)
Why hasn't the code been fixed to remove the persistant cookies? This has been a known issue for years, why hasn't it beed addressed? Other sites manage to write login cookies that don't have a session key like that. bonni
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
LOL you should be able to trust any one you are sending a link to anyway. Unless you mistakenly post it to a forum or put it in your weblog or something. Not all forms of internet communication are via email. bonni
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
A SessionID NEVER should be in the query string, it should be in the body of the HTTP request - and it should be hashed. I think this is a major flaw in the design of the site software. Linking to another thread, or to a gallery image, or to a marketplace item, well, that's rather common for a post in a forum. Elizabyte is absolutely right. Fixing this flaw in the site software is easy, but it might take some work. I certainly hope it'll be fixed - soon!
The pen is mightier than the sword. But if you literally want to have some impact, use a typewriter
I believe it is just an inherent part of the site and its programming/software. I'm not sure if there is a "fix" for this. AS
Contact Me | Gallery |
Freestuff | IMDB
Credits | Personal
Site
"I want to be what I was
when I wanted to be what I am now"
I'm not sure if there is a "fix" for this.
Other sites (millions of them) manage to write login routines that don't have persistent cookies with a session ID. It's very FAR from the realms of impossible. At the time the software here was written, perhaps it wasn't considered very well, etc., but this is 2005, and it's really time they did something to fix this. Leaving it that way with a shrug is irresponsible at best.
bonni
Message edited on: 04/30/2005 02:14
"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis
Yeah, I'm only throwing that out since Renderosity is still built upon the EZ Boards software. Hey, Tommy would definitely know. ;o) AS
Contact Me | Gallery |
Freestuff | IMDB
Credits | Personal
Site
"I want to be what I was
when I wanted to be what I am now"
EzBoard?...Whats wrong with the phpBB? {not that I know that much about it mind you...I have a site Im 'still' playing around with..but at least one doesn't have to worry about logging in as someone else because of a copy and pasted link} Wouldn't that work here?
~Jani
Renderosity Community Admin
---------------------------------------
Oh nothing, php would be great! But, from what I have read (over the past 3 years) is we would have to switch over this ENTIRE (huge-butt) site to php....and that in a word would be, "hard". I'm not techically inclined, I'm just digesting what I have read in the past, lol. AS
Contact Me | Gallery |
Freestuff | IMDB
Credits | Personal
Site
"I want to be what I was
when I wanted to be what I am now"
This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.
A very scary thing goes on at Renderosity. Well, not that scary, but freaky non the less, and could prove to be quite annoying to say the least. If you share links with friends to items from Renderosity, BE SURE to check the link before sending it. The links should look something like this: http://market.renderosity.com/softgood.ez?ViewSoftgood=35052 Make sure to check the end of your URL's before you copy them to share. Make sure that if you see "SessionID" that you remove everything from that point, including SessionID. For example: http://renderosity.com/index.ez?Form.sess_id=###&Form.sess_key=### You would remove everything after (and including) the question mark (?) Thankfully a very good friend of mine and myself discovered this while trading links to products we thought the other would like to see or purchase. What is the problem you ask? Well, my friend logged into her account and was browsing the item links I sent her. When I found something I knew she would be interested in, I would send her the link (including the sessionID part) She liked some of the items and proceeded to add them to her cart. But guess what? When I checked MY cart, the items for the links I had sent her had been added to MY cart!! She checked her cart... NO ITEMS! The SessionID actually logged her into my account without her even having to provide my log in information! So, be sure to check your Renderosity URL before sharing them. Even gallery images. Maybe this is something that can be fixed? I don't know.
Helping everyone is the most rewarding failure you'll ever experience.
- Ray Augé (~Wolfie~'s hubby)
Anything is more stable than Windows . . .
--- Even a relationship based purely on sex!
- Pam Augé (~Wolfie~)
No meat was harmed during the making of this TV dinner.
- Pam Augé (~Wolfie~)