RuneScape Forum Archive | RS website Auto login

Dec

2005

YtHaar-Mej

Posts: 24,670 Opal Posts by user Forum Profile RuneMetrics Profile

Unless the session times out in the database, it would still be active. Your own browser session cookie operates separately from the web server.

The cookie can expire, but still be active on the site, which is why you get logged back in. You have to tell the site to log you out so it doesnt prompt a new session to be created.

That's just how websites work, its functioning as intended. Can I turn in a paper without citing all sources?
"No."[1]
1. William Shakespeare, Hamlet , Act III, Scene 1, line 96.

23-May-2023 01:09:11

Origin Nexus

Posts: 322 Silver Posts by user Forum Profile RuneMetrics Profile

YtHaar-Mej said :
its functioning as intended. I disagree. If it were functioning properly, it would be asking for login credentials when the "log in" button is clicked.

It seems that everything on the secure.runescape.com subdomain is functioning properly, and is requesting the credentials when the "log in" button is clicked, but anything on the runescape.com domain simply logs in whatever account was last used when the "log in" button is clicked, so long as the "log out" button was never clicked.

If everything were functioning as intended, the login button on the entire website would be functioning the way it does on the secure.runescape.com subdomain. Whatever policies are in place for the secure.runescape.com subdomain should be applied to the runescape.com domain as well, for consistency and security.

23-May-2023 19:42:19

Dec

2005

YtHaar-Mej

Posts: 24,670 Opal Posts by user Forum Profile RuneMetrics Profile

Origin Nexus said :
[I disagree. If it were functioning properly, it would be asking for login credentials when the "log in" button is clicked.
Except that the session expired on the RS site, but might still be active on Jagex.com. So when you log in, it verifies that; and, will either generate a new session token, or kick you to the login page. And, because there's a whole new account system, you need to specify which character you wish to access for that browsing session.

Many of the site pages have yet to be updated to the new system, hence why they still operate the old way. But most of the newer stuff is utilizing this new system. I can log into the website, and then it'll check for active sessions when attempting to access runemetrics or payment pages. It'll check, and when finds one is active, generates the session token for that page.

It's a work in progress in a new direction. Just because older pages havent been updated, doesn't mean it's not working as intended....especially when that's the direction everything is moving.

But because of that, this is why you have to specify you wish to log out, so it can tell the Jagex site (which manages your login session) that you wish to log out and then prompt you with a login page the next time. Can I turn in a paper without citing all sources?
"No."[1]
1. William Shakespeare, Hamlet , Act III, Scene 1, line 96.

26-May-2023 01:41:48

Origin Nexus

Posts: 322 Silver Posts by user Forum Profile RuneMetrics Profile

YtHaar-Mej said :
Origin Nexus said :
[I disagree. If it were functioning properly, it would be asking for login credentials when the "log in" button is clicked.
Except that the session expired on the RS site, but might still be active on Jagex.com. It seems like the session NEVER expires on the server. It's been 3 days since I've logged into the website at all. I haven't even been home since Tuesday, yet, clicking the "log in" button on the homepage logged me in without asking for any credentials.

YtHaar-Mej said :

It's a work in progress in a new direction. Just because older pages havent been updated, doesn't mean it's not working as intended....especially when that's the direction everything is moving. If the direction is always keeping accounts logged in, while giving the impression to users that the account is logged out, well, that doesn't seem like a good direction. It seems like a security flaw, and providing a false sense of security to users who believe that their account is logged out, when in reality, someone else can just log into their account by making use of the homepage "log in" button.

YtHaar-Mej said :
But because of that, this is why you have to specify you wish to log out, so it can tell the Jagex site (which manages your login session) that you wish to log out and then prompt you with a login page the next time. Or... here's a wild idea... hear me out on this... the website could actually log users out when it tells them that they've been logged out.

Why should users have to log into the website in order to properly log out, when the website could simply log them out properly?

Or, the permissions applied to the secure.runescape.com subdomain could be applied the rest of the runescape.com domain.

There's no reason why the "log in" button should ever NOT ask for credentials when clicked.

27-May-2023 01:50:14

333333333

Posts: 36,620 Sapphire Posts by user Forum Profile RuneMetrics Profile

Well, I love the part to skip typing when logging in on the forums since I visit RS page daily anyway!

27-May-2023 21:41:58

Aug

2022

Avadyn

Posts: 82 Iron Posts by user Forum Profile RuneMetrics Profile

wtf...... I get logged out after about 10mins of inactivity on the forums and have to enter details including authenticator every single time to log in, makes me not want to use the forums at all.

How are you all remaining logged in????

29-May-2023 11:29:00

Nov

2006

Miles Prower

Posts: 9,764 Rune Posts by user Forum Profile RuneMetrics Profile

Assuming your cookies are enabled, you need to go to the home page in order to be logged in automatically via SSO. Hopefully this will be resolved in the future to allow automatic login from subdomains other than ' www '. Low on bank space? Click here .

29-May-2023 14:06:40

333333333

Posts: 36,620 Sapphire Posts by user Forum Profile RuneMetrics Profile

It's still very handy to instantly log in!

08-Jun-2023 08:35:06

Oct

2004

Ms aASHSteel

Posts: 3,922 Adamant Posts by user Forum Profile RuneMetrics Profile

this is happening to Me as well - reason I've come to this section on the forums for help / insight. Daily ,sometime hourly forum user.

Finally Maxed: 5/17/15

<3

Proud Founder of The AFKers

28-Jun-2023 14:19:56

Oct

2004

Ms aASHSteel

Posts: 3,922 Adamant Posts by user Forum Profile RuneMetrics Profile

Avadyn said :
wtf...... I get logged out after about 10mins of inactivity on the forums and have to enter details including authenticator every single time to log in, makes me not want to use the forums at all.

How are you all remaining logged in????

this is happening to Me as well - reason I've come to this section on the forums for help / insight. Daily ,sometime hourly forum user.

Finally Maxed: 5/17/15

<3

Proud Founder of The AFKers

28-Jun-2023 14:21:30 - Last edited on 28-Jun-2023 14:22:36 by Ms aASHSteel

Forums

RS website Auto login