A very scary thing goes on at Renderosity. Well, not that scary, but freaky non the less, and could prove to be quite annoying to say the least. If you share links with friends to items from Renderosity, BE SURE to check the link before sending it. The links should look something like this: http://market.renderosity.com/softgood.ez?ViewSoftgood=35052 Make sure to check the end of your URL's before you copy them to share. Make sure that if you see "SessionID" that you remove everything from that point, including SessionID. For example: http://renderosity.com/index.ez?Form.sess_id=###&Form.sess_key=### You would remove everything after (and including) the question mark (?) Thankfully a very good friend of mine and myself discovered this while trading links to products we thought the other would like to see or purchase. What is the problem you ask? Well, my friend logged into her account and was browsing the item links I sent her. When I found something I knew she would be interested in, I would send her the link (including the sessionID part) She liked some of the items and proceeded to add them to her cart. But guess what? When I checked MY cart, the items for the links I had sent her had been added to MY cart!! She checked her cart... NO ITEMS! The SessionID actually logged her into my account without her even having to provide my log in information! So, be sure to check your Renderosity URL before sharing them. Even gallery images. Maybe this is something that can be fixed? I don't know.

Oh, yes, this is fairly well known. The only real solution is to make sure you (anyone) does not include the sessionID with ANY link given out. Gotta be careful. AgentSmith

Or just sent the item number. Just through of that one! LOL!

Why hasn't the code been fixed to remove the persistant cookies? This has been a known issue for years, why hasn't it beed addressed? Other sites manage to write login cookies that don't have a session key like that. bonni

LOL you should be able to trust any one you are sending a link to anyway.

LOL you should be able to trust any one you are sending a link to anyway. Unless you mistakenly post it to a forum or put it in your weblog or something. Not all forms of internet communication are via email. bonni

Not bug, a virtual preditory monstrosity! WOW! I think I've heard this before,too bad this forums does'nt have a "Sticky!"

A SessionID NEVER should be in the query string, it should be in the body of the HTTP request - and it should be hashed. I think this is a major flaw in the design of the site software. Linking to another thread, or to a gallery image, or to a marketplace item, well, that's rather common for a post in a forum. Elizabyte is absolutely right. Fixing this flaw in the site software is easy, but it might take some work. I certainly hope it'll be fixed - soon!

This has been a known issue for years

This is very true, and its time it got fixed..not everyone that come here 'newbies' would know about this..

Admins?

Message edited on: 04/30/2005 02:00

I believe it is just an inherent part of the site and its programming/software. I'm not sure if there is a "fix" for this. AS

I'm not sure if there is a "fix" for this.

Other sites (millions of them) manage to write login routines that don't have persistent cookies with a session ID. It's very FAR from the realms of impossible. At the time the software here was written, perhaps it wasn't considered very well, etc., but this is 2005, and it's really time they did something to fix this. Leaving it that way with a shrug is irresponsible at best.

bonni

Message edited on: 04/30/2005 02:14

Yeah, I'm only throwing that out since Renderosity is still built upon the EZ Boards software. Hey, Tommy would definitely know. ;o) AS

Thanks, AS. I know you're just answering and not personally responsible for the persistent session cookies. ;-)

bonni

Message edited on: 04/30/2005 04:41

EzBoard?...Whats wrong with the phpBB? {not that I know that much about it mind you...I have a site Im 'still' playing around with..but at least one doesn't have to worry about logging in as someone else because of a copy and pasted link} Wouldn't that work here?

Oh nothing, php would be great! But, from what I have read (over the past 3 years) is we would have to switch over this ENTIRE (huge-butt) site to php....and that in a word would be, "hard". I'm not techically inclined, I'm just digesting what I have read in the past, lol. AS

~sigh~ Yes, you are right AS. I have been playing around with phpBB for awhile now, and it gets distressing at times {to put it lightly} but oh..it would be nice if RR took a leap and did it anyway :)