Hi Kent,
We have been changing our entire site over to PHP pages and will be using sessions to enhance the player's experience and the site functionality.
We have used the new login page to call a SessionKey via API and can assign that Key as the Session_id and pass it through all the pages. The problem occurs when a player goes to the gameserver (no login requird), plays a while then leaves to, say, create a private Ring Game on the website. When he goes back to the gameserver, the SessionKey has expired.
I want to restrict Login to the website but would not feel good about it if players have to go get a new session every time they want to re-enter the gameserver.
Why is the SessionKey one-time-use? Why not have it expire after 24 hours? Or at the idle limit?
Or am I missing something... again. LOL
Session Key expiring
-
- Posts: 107
- Joined: Wed May 06, 2009 12:59 pm
- Contact:
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: Session Key expiring
The session key expires when they log out of the game. They should only see a session key expired message if they try to refresh the browser page and thus bypass your login system. If that was allowed to happen then it would defeat the whole purpose of the session key system. Why are they logging out to create a new ring game rather than just opening a new tab or new browser window?CanadaWest wrote:We have used the new login page to call a SessionKey via API and can assign that Key as the Session_id and pass it through all the pages. The problem occurs when a player goes to the gameserver (no login requird), plays a while then leaves to, say, create a private Ring Game on the website. When he goes back to the gameserver, the SessionKey has expired.
For both simplicity and maximum security. It's safe to embed right in the link since it can't be used again. And it prevents bypassing the site's custom login system. If you don't care about any of those things then you can still use the old LoginName/LoginPassword parameters.Why is the SessionKey one-time-use? Why not have it expire after 24 hours? Or at the idle limit?
-
- Posts: 107
- Joined: Wed May 06, 2009 12:59 pm
- Contact:
Re: Session Key expiring
I see. Thats a bit disappointing. I think a session should last until the user ends it or is idle for a certain time.Kent Briggs wrote:It's safe to embed right in the link since it can't be used again. And it prevents bypassing the site's custom login system.
One of the frustrations players face is when signal interruption, a dropped packet or some other issue forces them to Refresh and log back in. Its bad enough when all they have to do is Referesh, wait for the lobby to load and click OK to log in. If I force them to return to the website and get another session key, it will not be pretty.. LOL .. Every second counts when that turn clock is running. I thought the SessionKey login should make it easier for the players. "Refresh" and it opens again. Pity.
You know? Its a user's responsibility to log out properly to end their session. My hotmail, facebook and other sessions survive refreshing the page. The PHP session-ids survive refreshing the page.
I'm not sure I understand.
-
- Site Admin
- Posts: 5880
- Joined: Wed Mar 19, 2008 8:47 pm
Re: Session Key expiring
The user did end it by logging out. Logged out is logged out. To log back in, they need to repeat the login procedure.CanadaWest wrote:[I see. Thats a bit disappointing. I think a session should last until the user ends it or is idle for a certain time.
So does Poker Mavens, until you explicitly disabled it's own internal login system and replaced it with your own. If you've got the game embedded in a frame or iframe, the user is actually refreshing your page and so there should be nothing stopping you from automatically issuing another session key and logging them back in automatically.My hotmail, facebook and other sessions survive refreshing the page.
-
- Posts: 107
- Joined: Wed May 06, 2009 12:59 pm
- Contact:
Re: Session Key expiring
Of course! I can put my own "refresh" button on the gamepage that calls a new SessionKey and logs them right back in.Kent Briggs wrote:there should be nothing stopping you from automatically issuing another session key and logging them back in automatically.
Very good.