Session Key expiring

For discussion of the Poker Mavens server module and other administration topics

Session Key expiring

Postby CanadaWest » Tue Sep 15, 2009 6:25 pm

Hi Kent,

We have been changing our entire site over to PHP pages and will be using sessions to enhance the player's experience and the site functionality.

We have used the new login page to call a SessionKey via API and can assign that Key as the Session_id and pass it through all the pages. The problem occurs when a player goes to the gameserver (no login requird), plays a while then leaves to, say, create a private Ring Game on the website. When he goes back to the gameserver, the SessionKey has expired.

I want to restrict Login to the website but would not feel good about it if players have to go get a new session every time they want to re-enter the gameserver.

Why is the SessionKey one-time-use? Why not have it expire after 24 hours? Or at the idle limit?

Or am I missing something... again. LOL
George
(CanadaWest)
www.playersclub.ca
CanadaWest
 
Posts: 107
Joined: Wed May 06, 2009 12:59 pm

Re: Session Key expiring

Postby Kent Briggs » Tue Sep 15, 2009 7:30 pm

CanadaWest wrote:We have used the new login page to call a SessionKey via API and can assign that Key as the Session_id and pass it through all the pages. The problem occurs when a player goes to the gameserver (no login requird), plays a while then leaves to, say, create a private Ring Game on the website. When he goes back to the gameserver, the SessionKey has expired.


The session key expires when they log out of the game. They should only see a session key expired message if they try to refresh the browser page and thus bypass your login system. If that was allowed to happen then it would defeat the whole purpose of the session key system. Why are they logging out to create a new ring game rather than just opening a new tab or new browser window?

Why is the SessionKey one-time-use? Why not have it expire after 24 hours? Or at the idle limit?


For both simplicity and maximum security. It's safe to embed right in the link since it can't be used again. And it prevents bypassing the site's custom login system. If you don't care about any of those things then you can still use the old LoginName/LoginPassword parameters.
Kent Briggs - [email protected]
Briggs Softworks - http://www.briggsoft.com
Kent Briggs
Site Admin
 
Posts: 3763
Joined: Wed Mar 19, 2008 8:47 pm

Re: Session Key expiring

Postby CanadaWest » Wed Sep 16, 2009 12:06 am

Kent Briggs wrote:
It's safe to embed right in the link since it can't be used again. And it prevents bypassing the site's custom login system.


I see. Thats a bit disappointing. I think a session should last until the user ends it or is idle for a certain time.

One of the frustrations players face is when signal interruption, a dropped packet or some other issue forces them to Refresh and log back in. Its bad enough when all they have to do is Referesh, wait for the lobby to load and click OK to log in. If I force them to return to the website and get another session key, it will not be pretty.. LOL .. Every second counts when that turn clock is running. I thought the SessionKey login should make it easier for the players. "Refresh" and it opens again. Pity.

You know? Its a user's responsibility to log out properly to end their session. My hotmail, facebook and other sessions survive refreshing the page. The PHP session-ids survive refreshing the page.

I'm not sure I understand.
George
(CanadaWest)
www.playersclub.ca
CanadaWest
 
Posts: 107
Joined: Wed May 06, 2009 12:59 pm

Re: Session Key expiring

Postby Kent Briggs » Wed Sep 16, 2009 12:22 am

CanadaWest wrote:[I see. Thats a bit disappointing. I think a session should last until the user ends it or is idle for a certain time.


The user did end it by logging out. Logged out is logged out. To log back in, they need to repeat the login procedure.

My hotmail, facebook and other sessions survive refreshing the page.


So does Poker Mavens, until you explicitly disabled it's own internal login system and replaced it with your own. If you've got the game embedded in a frame or iframe, the user is actually refreshing your page and so there should be nothing stopping you from automatically issuing another session key and logging them back in automatically.
Kent Briggs - [email protected]
Briggs Softworks - http://www.briggsoft.com
Kent Briggs
Site Admin
 
Posts: 3763
Joined: Wed Mar 19, 2008 8:47 pm

Re: Session Key expiring

Postby CanadaWest » Wed Sep 16, 2009 2:53 am

Kent Briggs wrote:
there should be nothing stopping you from automatically issuing another session key and logging them back in automatically.


Of course! I can put my own "refresh" button on the gamepage that calls a new SessionKey and logs them right back in.

Very good.
George
(CanadaWest)
www.playersclub.ca
CanadaWest
 
Posts: 107
Joined: Wed May 06, 2009 12:59 pm


Return to Site Administration

Who is online

Users browsing this forum: No registered users and 7 guests

cron