Sun, Dec 1, 6:04 AM CST

Renderosity Forums / Community Center



Welcome to the Community Center Forum

Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon

Community Center F.A.Q (Last Updated: 2024 Nov 30 3:10 am)

Forum news, updates, events, etc. Please sitemail any notices or questions for the staff to the Forum Moderators.



Subject: Renderosity Bug?!


-Wolfie- ( ) posted Mon, 25 April 2005 at 4:54 PM · edited Sun, 01 December 2024 at 5:19 AM

A very scary thing goes on at Renderosity. Well, not that scary, but freaky non the less, and could prove to be quite annoying to say the least. If you share links with friends to items from Renderosity, BE SURE to check the link before sending it. The links should look something like this: http://market.renderosity.com/softgood.ez?ViewSoftgood=35052 Make sure to check the end of your URL's before you copy them to share. Make sure that if you see "SessionID" that you remove everything from that point, including SessionID. For example: http://renderosity.com/index.ez?Form.sess_id=###&Form.sess_key=### You would remove everything after (and including) the question mark (?) Thankfully a very good friend of mine and myself discovered this while trading links to products we thought the other would like to see or purchase. What is the problem you ask? Well, my friend logged into her account and was browsing the item links I sent her. When I found something I knew she would be interested in, I would send her the link (including the sessionID part) She liked some of the items and proceeded to add them to her cart. But guess what? When I checked MY cart, the items for the links I had sent her had been added to MY cart!! She checked her cart... NO ITEMS! The SessionID actually logged her into my account without her even having to provide my log in information! So, be sure to check your Renderosity URL before sharing them. Even gallery images. Maybe this is something that can be fixed? I don't know.

Helping everyone is the most rewarding failure you'll ever experience.
    - Ray Augé (~Wolfie~'s hubby)

Anything is more stable than Windows . . .
--- Even a relationship based purely on sex!

    - Pam Augé (~Wolfie~)

No meat was harmed during the making of this TV dinner.
    - Pam Augé (~Wolfie~)



AgentSmith ( ) posted Mon, 25 April 2005 at 6:05 PM

Oh, yes, this is fairly well known. The only real solution is to make sure you (anyone) does not include the sessionID with ANY link given out. Gotta be careful. AgentSmith

Contact Me | Gallery | Freestuff | IMDB Credits | Personal Site
"I want to be what I was when I wanted to be what I am now"


-Wolfie- ( ) posted Mon, 25 April 2005 at 6:14 PM

Or just sent the item number. Just through of that one! LOL!

Helping everyone is the most rewarding failure you'll ever experience.
    - Ray Augé (~Wolfie~'s hubby)

Anything is more stable than Windows . . .
--- Even a relationship based purely on sex!

    - Pam Augé (~Wolfie~)

No meat was harmed during the making of this TV dinner.
    - Pam Augé (~Wolfie~)



elizabyte ( ) posted Mon, 25 April 2005 at 11:28 PM

Why hasn't the code been fixed to remove the persistant cookies? This has been a known issue for years, why hasn't it beed addressed? Other sites manage to write login cookies that don't have a session key like that. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


DJB ( ) posted Tue, 26 April 2005 at 12:27 AM

LOL you should be able to trust any one you are sending a link to anyway.

"The happiness of a man in this life does not consist in the absence but in the mastery of his passions."



elizabyte ( ) posted Tue, 26 April 2005 at 12:47 AM

LOL you should be able to trust any one you are sending a link to anyway. Unless you mistakenly post it to a forum or put it in your weblog or something. Not all forms of internet communication are via email. bonni

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


takezo3001 ( ) posted Tue, 26 April 2005 at 5:59 AM

Not bug, a virtual preditory monstrosity! WOW! I think I've heard this before,too bad this forums does'nt have a "Sticky!"



svdl ( ) posted Fri, 29 April 2005 at 3:48 PM

A SessionID NEVER should be in the query string, it should be in the body of the HTTP request - and it should be hashed. I think this is a major flaw in the design of the site software. Linking to another thread, or to a gallery image, or to a marketplace item, well, that's rather common for a post in a forum. Elizabyte is absolutely right. Fixing this flaw in the site software is easy, but it might take some work. I certainly hope it'll be fixed - soon!

The pen is mightier than the sword. But if you literally want to have some impact, use a typewriter

My gallery   My freestuff


Jumpstartme2 ( ) posted Sat, 30 April 2005 at 1:59 AM · edited Sat, 30 April 2005 at 2:00 AM

This has been a known issue for years

This is very true, and its time it got fixed..not everyone that come here 'newbies' would know about this..

Admins?

Message edited on: 04/30/2005 02:00

~Jani

Renderosity Community Admin
---------------------------------------




AgentSmith ( ) posted Sat, 30 April 2005 at 2:03 AM

I believe it is just an inherent part of the site and its programming/software. I'm not sure if there is a "fix" for this. AS

Contact Me | Gallery | Freestuff | IMDB Credits | Personal Site
"I want to be what I was when I wanted to be what I am now"


elizabyte ( ) posted Sat, 30 April 2005 at 2:13 AM · edited Sat, 30 April 2005 at 2:14 AM

I'm not sure if there is a "fix" for this.

Other sites (millions of them) manage to write login routines that don't have persistent cookies with a session ID. It's very FAR from the realms of impossible. At the time the software here was written, perhaps it wasn't considered very well, etc., but this is 2005, and it's really time they did something to fix this. Leaving it that way with a shrug is irresponsible at best.

bonni

Message edited on: 04/30/2005 02:14

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


AgentSmith ( ) posted Sat, 30 April 2005 at 2:46 AM

Yeah, I'm only throwing that out since Renderosity is still built upon the EZ Boards software. Hey, Tommy would definitely know. ;o) AS

Contact Me | Gallery | Freestuff | IMDB Credits | Personal Site
"I want to be what I was when I wanted to be what I am now"


elizabyte ( ) posted Sat, 30 April 2005 at 4:40 AM · edited Sat, 30 April 2005 at 4:41 AM

Thanks, AS. I know you're just answering and not personally responsible for the persistent session cookies. ;-)

bonni

Message edited on: 04/30/2005 04:41

"When a man gives his opinion, he's a man. When a woman gives her opinion, she's a bitch." - Bette Davis


Jumpstartme2 ( ) posted Sat, 30 April 2005 at 9:19 PM

EzBoard?...Whats wrong with the phpBB? {not that I know that much about it mind you...I have a site Im 'still' playing around with..but at least one doesn't have to worry about logging in as someone else because of a copy and pasted link} Wouldn't that work here?

~Jani

Renderosity Community Admin
---------------------------------------




AgentSmith ( ) posted Sat, 30 April 2005 at 10:02 PM

Oh nothing, php would be great! But, from what I have read (over the past 3 years) is we would have to switch over this ENTIRE (huge-butt) site to php....and that in a word would be, "hard". I'm not techically inclined, I'm just digesting what I have read in the past, lol. AS

Contact Me | Gallery | Freestuff | IMDB Credits | Personal Site
"I want to be what I was when I wanted to be what I am now"


Jumpstartme2 ( ) posted Sun, 01 May 2005 at 1:42 AM

~sigh~ Yes, you are right AS. I have been playing around with phpBB for awhile now, and it gets distressing at times {to put it lightly} but oh..it would be nice if RR took a leap and did it anyway :)

~Jani

Renderosity Community Admin
---------------------------------------




Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.