Maintenance for the week of December 9:
• PC/Mac: No maintenance – December 9
• PC/Mac: No maintenance – December 9
Question about Forum logins/cookies
Orizuru
✭✭✭
I have two computers that I use to access the forums. One is my HTPC in my living room and the other is the gaming rig I use in my home office. Both computers were setup to remember my credentials after the first time I logged into these forums a month ago when the game launched.
Yesterday I changed the password on my game account. I did this from the gaming rig and when I went to the forums I had to enter my credentials again, which I expected. Today was the first time I used the HTPC computer to check these forums, but I didn't have to enter my credentials. It still remembered me from my previous login from before the password changed.
I'm not sure if this is a problem or not. I'm able to access the forums from all of my computers without a problem. I was just puzzled by this. Normally when I change a password, I would expect to have to reenter my credentials on any computer when I want to login. This just seemed like unusual behavior to me for a secure website.
I really only see a potential problem with this if players are accessing the forums from public computers and choosing to allow the website to remember them, and this is something I myself know to never do, but it just seems to present some security implications none-the-less. Exactly how long will the website remember a computer that is used to access these forums? And how is it able to remember the computer even after the credentials have been updated/changed in Account Management? The fact the website can remember a computer even after a password change seems like a possible hole in the security of an account.
Yesterday I changed the password on my game account. I did this from the gaming rig and when I went to the forums I had to enter my credentials again, which I expected. Today was the first time I used the HTPC computer to check these forums, but I didn't have to enter my credentials. It still remembered me from my previous login from before the password changed.
I'm not sure if this is a problem or not. I'm able to access the forums from all of my computers without a problem. I was just puzzled by this. Normally when I change a password, I would expect to have to reenter my credentials on any computer when I want to login. This just seemed like unusual behavior to me for a secure website.
I really only see a potential problem with this if players are accessing the forums from public computers and choosing to allow the website to remember them, and this is something I myself know to never do, but it just seems to present some security implications none-the-less. Exactly how long will the website remember a computer that is used to access these forums? And how is it able to remember the computer even after the credentials have been updated/changed in Account Management? The fact the website can remember a computer even after a password change seems like a possible hole in the security of an account.
0