English Português Brasileiro Русский ไทย Deutsch Français Español 한국어
Path of Exile
Forum Index»Bug Reports»View Thread
View Staff PostsPost Reply
Website

Session ID Security

I am finding the same problem as this thread linked below. Session IDs that I have created and cannot log out are persistent and not invalidated. Any session ID that is created gives access to your account forever since they don't seem to be checked for expiration.

https://www.pathofexile.com/forum/view-thread/1349853
Last bumped on Mar 5, 2019, 4:39:53 PM
This thread has been automatically archived. Replies are disabled.
Avatar
Posted by

on Mar 5, 2019, 6:42:10 AM
Harpy Supporter
Dread Forge Supporter
Shadowstalker Supporter
Sunspire Supporter
Doomcrow Supporter
Blood Knight Supporter
Elder Darkseer Supporter
Insatiable Malice Supporter
Spellblade Supporter
Ancient Dread Supporter
Sanguine Reaper Supporter
Ancestral Lithomancer Supporter
Quote this Post
Sessions are invalidated after some time if they are inactive. Currently this is 2 months on our end.

If you change your password it will clear all previous sessions on your account. Logging out will immediately invalidate the current ID as well, as you have surmised.
Web DeveloperView our Developer Docs
Avatar
Posted by

on Mar 5, 2019, 4:39:53 PM
Grinding Gear Games
Quote this Post

Report Forum Post

Report Account:

Report Type

Additional Info


View Staff PostsPost Reply
Forum Index»Bug Reports»View Thread

Home

Game

Forum

Events

Trade

Shop

© 2010 - 2024 Grinding Gear Games Terms of Use, Privacy Notice and Cookies Notice - Contact Support - Developer API ed42a3dcd82e8a8aefa3735bb98ae27a