When a request is sent from an IP address in a different region from the one originally used to login, the .ROBLOSECURITY token will be reset and the user will be forced to re-enter their username and password. I was wondering if there was a way to disable this so I can use a remote host that has servers located in a different region.
The .ROBLOSECURITY token is always reset on IP change for simply security reasons. (You don’t want someone in Antarctica to log in to your account using an token from across the world.) There is no way to override this.
Why would you even want or need to change this behavior anyways?
From my understanding, there’s no way to disable the cookie reset condition; it’s a global security rule applied to all tokens.
One solution would be to use a static IP VPS as a proxy for all those servers to send their requests through.
1 Like
I’m planning on creating a group ranking bot that will be remotely hosted on some cloud servers.
You need to use the Open Cloud API for such which is much safer and officially supported by Roblox.
That won’t work for Group Ranking Bots since Open Cloud doesn’t have a Group API yet.
Edit: 10/18/2023: Open Cloud now has a Group API. However, it still does not support what the OP is trying to achieve.
See this announcement:
2 Likes
This I can imagine is the only way you could do this sort’ve thing. If you sign into a central VPS that the account is logged into (therefore, the .ROBLOSECURITY token wouldn’t change as the IP doesn’t change if it’s static), you’ll be able to host an API (build it in NodeJS, C# .NET, whatever takes your fancy) from that same VPS, expose the endpoints behind some kind of authentication/API key so that you know only YOU can interact with those endpoints and do whatever you need to do. 