RuneScape Forum Archive | RS website Auto login

333333333

Posts: 36,620 Sapphire Posts by user Forum Profile RuneMetrics Profile

Is it only me or others too? From the mainpage when I click Log In then I don't need to type name and password! It auto logs me in which is fine! But if I'm not already logged in and go to mainpage and in the dropbox Community and then Forums then click on Log In then I need to type name and password to log in!

01-May-2023 21:12:00

2_Tron

Posts: 22,959 Opal Posts by user Forum Profile RuneMetrics Profile

Maybe you have forgotten to '
Log out
' the last time you visited the Website & Forums which technically should keep you logged in 'for a while'.
I always '

Log Out

' to make sure that I am logged out and this issue you are talking about isn't happening to me.

01-May-2023 21:24:42

333333333

Posts: 36,620 Sapphire Posts by user Forum Profile RuneMetrics Profile

I close entire Chrome and shut down the PC and next time when I start and visit RS website and still auto log in from mainpage! No, I don't complain but that's fine for me!

02-May-2023 02:47:18

Origin Nexus

Posts: 322 Silver Posts by user Forum Profile RuneMetrics Profile

I tried this out too. I got logged out of the forums, and normally when I would click the "login" button from the forums page, I would have to enter my account and password. But, instead, I went to the homepage and clicked the login button there. It logged me in without even asking for any credentials.

10-May-2023 00:57:17

333333333

Posts: 36,620 Sapphire Posts by user Forum Profile RuneMetrics Profile

^ Oh, I'm not alone lol! Saves some seconds to type!

10-May-2023 20:36:33

Origin Nexus

Posts: 322 Silver Posts by user Forum Profile RuneMetrics Profile

I find it weird that this isn't actually getting any attention.

It kinda seems like a security issue. I mean, you literally don't have to provide any credentials to log into the website... and it's not a client side "password manager" providing this auto-login. It's serverside.

If my account gets logged out of the forums, it's not actually logged out. Sometimes the homepage stays logged in. Sometimes the homepage gets logged out. But so long as you use the homepage "log in" button, it will automatically log you into the website without requiring any credentials.

18-May-2023 18:38:09

Nov

2006

Miles Prower

Posts: 9,764 Rune Posts by user Forum Profile RuneMetrics Profile

Standard advice applies, as it always has done. If you are using a shared device, remember to logout when you are finished. You should never rely on the session to time out. This applies to any other popular website which uses extended session cookies and/or SSO. Low on bank space? Click here .

19-May-2023 11:42:03

Origin Nexus

Posts: 322 Silver Posts by user Forum Profile RuneMetrics Profile

Miles Prower said :
Standard advice applies, as it always has done. If you are using a shared device, remember to logout when you are finished. You should never rely on the session to time out. This applies to any other popular website which uses extended session cookies and/or SSO. How do you know if you're logged out?

If the forums log you out, and request your login information, you would assume that you're "logged out". At that point, you can't "log out", as there is no longer a "log out" button, only a "log in" button. You would assume that for all intents and purposes, you're logged out.

But in reality, even though you can't use the forums because you're "logged out"... all anyone has to do is click the homepage link, and then from the homepage click "log in" and it magically logs the account in without asking for any credentials.

Am I missing something here?

Is there a reason the homepage does this?

Is this something to do with the new "Jagex Accounts"?

Are the login servers not synced up or something? What's the deal with this?

19-May-2023 18:20:39

Dec

2005

YtHaar-Mej

Posts: 24,670 Opal Posts by user Forum Profile RuneMetrics Profile

The homepage logging you back seems to be intentional. Its part of the new web system that's slowly coming out. Account sessions are managed through the Jagex website now, and then product websites can authenticate through that to generate your session to use whatever site you need to use at that time (this case, the RS site).

You still have to relog if you want to access any higher privileged/sensitive pages like: account settings, payments, solomons, etc. You also would need to re-auth to access the Jagex Account pages.

You'll know when you're logged out by actually logging out of the website when you're finished using it. And going with what Miles said, this is standard advice for anything. Many other websites offer prolonged login sessions on their websites. If users follow basic guidelines, there's not a huge security risk....else they'd all be designed a bit differently. Can I turn in a paper without citing all sources?
"No."[1]
1. William Shakespeare, Hamlet , Act III, Scene 1, line 96.

20-May-2023 00:58:35

Origin Nexus

Posts: 322 Silver Posts by user Forum Profile RuneMetrics Profile

YtHaar-Mej said :
You'll know when you're logged out by actually logging out of the website when you're finished using it. So... when the website logs you out... you have to log into the website... in order to actually log out?

That doesn't seem right somehow. O_o

22-May-2023 23:25:59