|
| 17 Aug 2012 03:57 PM |
Why does ROBLOX allow you to be logged in from two IPs at the same time?
~Monica |
|
|
| Report Abuse |
|
|
Legend26
|
  |
| Joined: 08 Sep 2008 |
| Total Posts: 10586 |
|
|
| 17 Aug 2012 04:05 PM |
| I wondered the same very recently tbh. I also wonder if the sessions even expire. Waiting a few days to see. |
|
|
| Report Abuse |
|
|
|
| 17 Aug 2012 04:08 PM |
| Because the mods are lazy.. |
|
|
| Report Abuse |
|
|
Colt324
|
  |
| Joined: 19 Aug 2009 |
| Total Posts: 1562 |
|
|
| 17 Aug 2012 04:09 PM |
| DO you mean in-game or on the site? |
|
|
| Report Abuse |
|
|
| |
|
Colt324
|
  |
| Joined: 19 Aug 2009 |
| Total Posts: 1562 |
|
|
| 17 Aug 2012 04:39 PM |
well for website, I don't want to log off of my PC to be able to access it on my tablet/phone. As for in-game I have no idea why Roblox would allow that. |
|
|
| Report Abuse |
|
|
|
| 17 Aug 2012 05:33 PM |
| I think they mean the same session on multiple IPs... If I understand what you're talking about correctly. |
|
|
| Report Abuse |
|
|
lucas668
|
  |
| Joined: 18 Jun 2008 |
| Total Posts: 6183 |
|
|
| 17 Aug 2012 05:35 PM |
| You can use TeleportService to play in multiple games at once... |
|
|
| Report Abuse |
|
|
|
| 17 Aug 2012 06:20 PM |
@Blue Yes, why does it allow me to log in from my home, and from half way across the country at the same time? One of those two logins is not the real me.
~Monica |
|
|
| Report Abuse |
|
|
|
| 17 Aug 2012 07:04 PM |
| Not necessarily. And they don't seem to have qualms with people sharing, even though it's not allowed. |
|
|
| Report Abuse |
|
|
Cenort
|
  |
| Joined: 20 Nov 2009 |
| Total Posts: 9679 |
|
|
| 17 Aug 2012 08:45 PM |
The issue is not that they allow you to login from different locations, the issue is that they don't put something in your cookie that makes that cookie only valid on that IP address. That way if someone obtains your cookie, it's useless unless they have your login information anyways.
They implemented this for admins already, I'm sure they have reasons for leaving it open for users to switch IPs during the course of a session. The only real weakness is the PlaceLauncher authenticationToken being present on page sources, and that is being patched very soon. So session hijacking won't be possible unless you can trick someone into giving away your cookie. |
|
|
| Report Abuse |
|
|
Seranok
|
  |
| Joined: 12 Dec 2009 |
| Total Posts: 11083 |
|
|
| 17 Aug 2012 08:52 PM |
| There are a LOT of people who have dynamic IPs given to them by their ISP. So it's smart to allow IP switching. |
|
|
| Report Abuse |
|
|
|
| 17 Aug 2012 09:10 PM |
@ser "Hmm, this user is still active at their old IP, but this new IP is also claiming to be them..." Normal Server: "Boot new one". ROBLOX: "SEEMS LEGIT"
~Monica |
|
|
| Report Abuse |
|
|
Seranok
|
  |
| Joined: 12 Dec 2009 |
| Total Posts: 11083 |
|
|
| 17 Aug 2012 09:21 PM |
| Imagine how you would implement a system to prevent multiple users from being logged on? Now stop imaging before you give yourself a headache. |
|
|
| Report Abuse |
|
|
|
| 17 Aug 2012 09:36 PM |
Simple: In the user table, have a column for their current active session and their IP. When they request a page, check against the IP + session combo. That was pretty easy.
~Monica |
|
|
| Report Abuse |
|
|
Aerideyn
|
  |
| Joined: 16 Jan 2010 |
| Total Posts: 1882 |
|
|
| 17 Aug 2012 09:36 PM |
my router keeps declaring it is under attack every 30-60 minutes and resets itself dropping my connectiong for 2-5 minutes and changing my ip - this system works for me :p
If someone knows anything about how to fix it would be great.. i disabled that feature and now every so often it just crawls to a stop for a couple minutes before returning to normal without resettting o.O i suspect it is our phone line since it has alot of static and the router also complains about our filters (which telstra have replaced twice and swears are ok -.-)
highly annoying. |
|
|
| Report Abuse |
|
|
MrNicNac
|
  |
| Joined: 29 Aug 2008 |
| Total Posts: 26567 |
|
|
| 17 Aug 2012 09:44 PM |
"Because the mods are lazy.."
Yes, because the moderators are lazy, the developers decide to not do anything. That makes more sense than no sound in space. |
|
|
| Report Abuse |
|
|
TaslemGuy
|
  |
| Joined: 10 Jun 2009 |
| Total Posts: 12174 |
|
|
| 17 Aug 2012 11:06 PM |
Logging in from multiple IPs at once is perfectly reasonable.
Plenty of people have smartphones now, and laptops, and a desktop.
People share accounts, too.
There's nothing wrong with two IPs sharing an account at the same time. If they're sharing a session ID, that's a problem, but not otherwise. |
|
|
| Report Abuse |
|
|
lucas668
|
  |
| Joined: 18 Jun 2008 |
| Total Posts: 6183 |
|
|
| 17 Aug 2012 11:49 PM |
| Yes, I log into Roblox on my laptop, desktop, and smartphone all at the same time. Impressive, eh? |
|
|
| Report Abuse |
|
|
stravant
|
  |
 |
| Joined: 22 Oct 2007 |
| Total Posts: 2893 |
|
|
| 18 Aug 2012 12:22 AM |
"Logging in from multiple IPs at once is perfectly reasonable. Plenty of people have smartphones now, and laptops, and a desktop."
this is exactly the reason. Many people have more than one device, many of them mobile, that are capable of logging into the site.
It would be really annoying if you had to log in every time switching between them. |
|
|
| Report Abuse |
|
|
|
| 18 Aug 2012 12:33 AM |
Well, logging in from a smartphone and from a computer at the same time is reasonable.
But when one IP address is from Egypt and another is from China, there's obviously something not right. |
|
|
| Report Abuse |
|
|
|
| 18 Aug 2012 04:21 AM |
@some post above Account sharing is actually against the rules :/ |
|
|
| Report Abuse |
|
|
stravant
|
  |
 |
| Joined: 22 Oct 2007 |
| Total Posts: 2893 |
|
|
| 18 Aug 2012 07:59 AM |
"But when one IP address is from Egypt and another is from China, there's obviously something not right."
Personally I hate IP restrictions though. I'd rather have it as right now with none. |
|
|
| Report Abuse |
|
|
|
| 18 Aug 2012 08:41 AM |
Please don't have IP restrictions.
I need to be able to test my game from two computers so I can see what is happening on each client.
☜▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬☜☆☞▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬☞ - Candymaniac, a highly reactive substance. |
|
|
| Report Abuse |
|
|
|
| 18 Aug 2012 09:46 AM |
Okay even if IP restrictions weren't put in place. Back to session hijacking. >session started in michigan >same session suddenly accessed in china SEEEEEEEEEMS LEGIT
If the same session cookie is accssed from two IPs, obviously the second one is not the player.
~Monica |
|
|
| Report Abuse |
|
|