IP Changes Invalidate Cookie

I am not experiencing this bug, but I think this is actually a feature.

Here is a post I made regarding this:

Hopefully someone saw my post or a post similar to it and implemented it.

1 Like

I think (just like many others) that this update is a very good thing security-wise, since it protects users from getting cookie logged like you did.

The issue I have with this is that it’s implemented in a way that we, developers, are left with no real alternative/solution for our bots.

4 Likes

I’m slightly late to this thread, but this update is terrible for developers. Any sort of application that requires cookie authentication will break or be unable to be updated.

Discord bots, group automation, literally everything. It would make sense for Roblox to speak to developers on something like this before rolling it out, or at least make us aware of it.

1 Like

No response or explanation from ROBLOX, meanwhile

- Bots and automation site-wide for genuine dev use cases have been destroyed
- Account theft has not only not been stopped but has INCREASED due to impersonator scammers on Discord taking advantage of all the chaos.
- Absolutely zero announcements or clarification from ROBLOX about what’s happening or what will be implemented to allow developers to do something in the meantime before Open Cloud becomes actually useful.

Completely puzzling, genuinely one of the worst ROBLOX updates in a long time, and dudes at the HQ are wondering why the stock is down 70% with decisions like this.

1 Like

From someone who has worked with Roblox in the past:

You can’t expect something to completely stop an action. Bad actors will try to go with different routes. That’s why “good job, you fixed XYZ” jokes exist.
Also, if you give up your personal login credentials to someone who claims to be popular or in exchange for goods, it’s just Darwinism at this point.

That’s what happens during A/B testing. If anything, we will get a response after they’re done gathering data.

It’s a hack, sure, but what else are developers supposed to use? Like previous responders in this thread have mentioned, it’s incredibly limited atm and incredibly selective to have your opinions/suggestions about that kinda stuff heard by ROBLOX. As per usual there’s such a disconnect between the platform and its developers.

You can use open cloud:

If you need any specific features just reply to that thread with your asks. (guessing you need group management API or so?)

The issue is that in this instance, the change is actually highly beneficial for 95% of users (regular users who are often the target of cookie theft). It’s worth making this change for that reason. I’m certain you’ll figure out how to work around this constraint in the meantime. For example, you could rent a cloud machine with a fixed IP to get around the issue.

You can use open cloud

Most of the features that would be most commonly used are either unreleased or in “planning”, which in ROBLOX terms could mean anything. There is zero reason to not have made this change optional; it would take seconds of effort, and if the attacker were able to get into someone’s account to make the change then they wouldn’t have needed it anyway because they’re ALREADY in the account.

The issue is that in this instance, the change is actually highly beneficial for 95% of users (regular users who are often the target of cookie theft)

This won’t change a thing, still see cookies being logged by people who have circumvented the system or a shift to just people stealing account credentials/emails which is soooo much better. This was a reactionary update to the bad PR regarding ROBLOX outsourced support helping bad actors get account information behind the scenes to cover their you-know-whats and it’s obvious.

Uhu 🤨

Back to reality: recommend just setting up a few feature requests for the endpoints you need to reach via ApiKey. It’s not worth your time to waste energy on “big bad corp” stories, let’s be constructive.

2 Likes

To be entirely clear: I’m talking about the tinfoil-hattery that for some reason this change would be related to that. It’s “big bad corp” talk that isn’t based on anything.

Can assure you this change was made for security reasons, not to counter bad press lol.

3 Likes

This update was rolled out to everyone.
There is a way to fix it, but you need a VPS server, which I cannot afford.

For those of you looking for a “free” option, Google Cloud includes an e2.micro VM in its Always Free Tier along with one static IP. However, you have to select HDD as its persistent disk.
Link to the relevant Free Tier section: Google Cloud Free Program

A word of caution, this is what is available (not my recommendation). Google can change its free tier at will, so might wanna be careful. Unfortunately, you will need a credit card for the purpose of verification.

4 Likes

It wasn’t rolled out to everyone because I don’t have VPS and it is still working fine for me.

This has been a solid solution, would highly recommend.

It would just charge you after the 300$ free trial.

A fix for this issue can be found here.

Oh no no, this is a solution without considering the 300$ you get in the free trial. It uses services from Google’s forever free tier, so you should not be charged for minimal stuff. Then again, if one is doing stuff at scale, they should not be expecting to get it done for free.

I really hope Roblox adds this feature. I have Roblox groups that I need to have a bot for. Cafe groups need an application/job center and I have purchased both of those from EasyRanks. If this doesn’t get fixed I’ve lost all hope…

The problem is about the ranking bots. Not about the VPN.

The bot gets logged off whenever you run your ranking code.

1 Like

Ok, so regarding this feature, it is good and bad.

This is going to break a ton of ranking services/management, games, etc. The thing is Roblox has not even announced the change or a notice which is annoying. This is going to cause major problems with ranking services as the ranking services will get a high amount of tickets. But this helps security as well.

I really suggest Roblox add a feature in Security allowing you to change it to bypass this change. However, you would need an Account Pin and a Verified Email linked to the account to do this.

Anyways, let’s just hope for the best.