Introducing Account Session Protection

Do you want to see the game I was joining?

No, I’m okay. I’d rather not have people get their accounts compromised. (If what you say is true)

Thanks you! We reviewed it internally and decided that we will refrain from enforcing Account Session Protection for now until it’s supported on OpenCloud.
Thanks again for the prompt feedback!

6 Likes

W update ngl, expected this for awhile. Same goes for other platforms out there.

so… is this getting enabled td?

I’m really glad that this is finally being worked on but as of today (01-23-2024) it seems like I can still get into my alt account using the cookie. Yes i’m using two different computers and I’ve even gotten my friend to get into the account without I’m ever being logged onto his pc. Is this still in the works or should it be working right now?

It is still not enabled for some reason

1 Like

Hi Developers! In the spirit of transparency, we want to provide you with an update on our timeline for enforcing Account Session Protection on the Roblox domains listed below. We now expect to roll out by the end of June 2024 at the latest.

As our team at Roblox got to work on this enforcement, we came across some technical questions that required more in-depth discussions. We always work to put out the best solutions in place, and this one is taking a little bit longer than we expected.

We appreciate your patience and will provide you with further updates over the coming months!

8 Likes

Is there any reason why it hasn’t been enforced as of yet?

Yeah, that seems like a big problem. I’ve seen daily people on Discord and other social media platforms trying to beam people using pish links; Roblox needs to immediately roll that out, or else there will be a bunch of problems with beaming sites.

Are there any news about a new potential relase date, as mentioned before, the demand is very high, due to increasing amounts of people getting beamed.

2 Likes

I’ve been trying to use my ROBLOSECURITY for my Python bot. However, I cannot use it. It’ll just change my ROBLOSECURITY as soon as I try to use it on an external server. I have Account Session Protection turned off for the account that I’m trying to use my program on.

are you getting the x-csrf token?

Yes, I am. The code works perfectly fine but the ROBLOSECURITY token resets when it’s put on an external host like SparkedHost.

the ip that its using could be out of your region, causing the cookie to invalidate

You can add a passkey in your Settings. Passkey has the same technology under the hood as security keys. And, you can use passkeys to login instead of password.