Do not share POESESSID values with other people

2022
2FA WHEN PauseChamp
IGN @SexyMilf
well this wouldn't be a thing at all if you actually had these "3rd party programs" in the game already as a feature rather than "oh we let people do their own thing.. but we don't like 3rd party things too much so be aware you can be banned at any time regardless.."

big reason why it's shady that you don't come up clear when the use of certain 3rd party tools such as awakened trade and so on are on the clear to use and someone from the staff jumps in to e-mail questions rather than making an official statement regarding all of this..

"Parade your victories, hide your defeats. Mortals are so insecure."

Once you break the cycle of fear no angels or demons can whisper you their sweet nothing words.

Retired since crucible.(Not a free tester anymore for a multi billion dollar company).
Last edited by Xystre on Dec 13, 2022, 11:25:35 PM
Damn GGG is not happy with PoB new features... like not at all.
"Better to remain silent and be thought a fool than to speak out and remove all doubt."
- Abraham Lincoln
"
nl_atole wrote:
If we shared this in the past is there something we can do to protect our account?


Right, if this is such a potential security breach, shouldn't there be a way to either re-generate it, or block the accesses it gives?
SSF is not and will never be a standard for balance, it is not for people entitled to getting more without trading.
Usually (don't know if it's true in our case) you get new session ID each time when you log in. So simple logging out, clearing cookies for pathofexile.com and then logging in should do.

Though it also could be made differently, so wait for clarifications from devs if it will be enough.

Last edited by HennekY on Dec 13, 2022, 11:38:58 PM
"
DarthSki44 wrote:
Damn GGG is not happy with PoB new features... like not at all.


I think it's more of a case of GGG covering themselves should bans be handed out. I highly doubt PoB would be doing this to harvest session ID's, but since it's open source all it takes is one bad actor to sneak in some naughty code somewhere.

I'm sure GGG would work with odd cases of unauthorized access due to stolen credentials, however, if it were to happen on a large scale, this is here so GGG can say "we told you so". Especially since OAuth is available and should be used.


"
Fruz wrote:
Right, if this is such a potential security breach, shouldn't there be a way to either re-generate it, or block the accesses it gives?


Not sure how GGG handles it, but I'd imagine logging out and logging back in would be enough to generate a new sessionid. It probably also renews when the website forces a relogin from time to time.
damn
I'm seeing a lot of hating on GGG in this thread because of players who think PoB should be an official thing in the game. Stop it.

GGG has stated numerous times that the mystery is part of the game, and that while they can't stop players from writing down every calculation and sharing it with others, there is no need for damage meters or precise information (nearby).

There is a detriment to min/maxing that players often forget/ignore and that is the way content gets developed in response to all of this knowledge and min/maxing. Every new encounter has to be that much stronger in order to maintain difficulty versus power creep and optimized builds.

Min/maxing doesn't just optimize the fun out of all but the strongest builds and kill the exploration aspect of finding interesting skill interactions, it forces developers to continuously make things more complex to keep the game feeling interesting, ultimately pushing more builds out of the meta. Then when your favorite skill is no longer adequate for the current state of the end game as a result of all this power creeping and min/maxing, players complain that GGG needs to nerf the strong builds, only to complain when the changes that come aren't what they wanted in the end and the cycle repeats.

All of that is to say stop whining and ruining the game for yourselves by demanding you be given all the data you think you need to min/max or blaming GGG for not implementing third-party tools into the core game. If you want that min/max power it should be something you opt into, not something to be expected.
"


I think it's more of a case of GGG covering themselves should bans be handed out. I highly doubt PoB would be doing this to harvest session ID's, but since it's open source all it takes is one bad actor to sneak in some naughty code somewhere.

I'm sure GGG would work with odd cases of unauthorized access due to stolen credentials, however, if it were to happen on a large scale, this is here so GGG can say "we told you so". Especially since OAuth is available and should be used.



Or a dev at PoB gets hacked. Or someone in the future at PoB is nefarious, or a number of possibilities in-between. GGG has little recourse on some of these 3rd party tools, which is definitely problematic from a security standpoint.

If something bad were to happen on a large scale, it would be very interesting to see what GGG would do. PoB is used by an absurd amount of players... a mass ban event would be financial suicide if you ask me.
"Better to remain silent and be thought a fool than to speak out and remove all doubt."
- Abraham Lincoln
"
vonMoselberg wrote:
GGG its time for 2FA !!!


Literally every site on the planet uses Session ID lmao.

It's what's given to you after logging in so 2FA would do literally nothing.
