Ok, so regarding this feature, it is good and bad.
This is going to break a ton of ranking services/management, games, etc. The thing is Roblox has not even announced the change or a notice which is annoying. This is going to cause major problems with ranking services as the ranking services will get a high amount of tickets. But this helps security as well.
I really suggest Roblox add a feature in Security allowing you to change it to bypass this change. However, you would need an Account Pin and a Verified Email linked to the account to do this.
I think it is a great update as it adds more security against people hacking accounts; the only issue is of course it breaking ranking services (I know from experience cuz currently the system I created is not working).
What I would personally love to see from Roblox is to support us developers more by having like an API key or something. I heard of the Open Cloud thing but I don’t think it currently really supports the web endpoints at all, and I think that it would be great if they could support us using the web API via some type of system. (I will link where you can create one: https://create.roblox.com/credentials). Most companies have something like this, for example the Twitter API and the Trello API, which are supported directly by these companies.
I have a ranking bot which was broken thanks to this update. I use JavaScript with discord.js and noblox to make it pretty much. My bot also does other ROBLOX related things, all of which no longer work.
Bots still can work with a VPN AS LONG AS YOU HAVE A STATIC IP! You can use an SSH terminal to get the cookie from the VPN’s IP (bit more complicated than that but this isn’t a tutorial).
It’s a problem when it comes to having a dynamic IP, if using something like Repl or Glitch. You won’t have it working using these most likely.
Personally, I think this is the worst feature to ever be implemented into Roblox. It’s well known that young kids don’t remember their passwords, as well as parents who set up the account. So picture yourself as a 6-year-old. You’re going to your friend’s house… You take your little iPad or whatever. When you connect to your friend’s network you’re gonna be logged out, and potentially lose months of work. Or even if you’re in your own home, if the power goes out and your router is offline for over around 8 hours, most ISPs will assign another IP automatically, which would trigger a cookie reset. Now that we have seen this is detrimental to young kids, let’s explore how much this will be hurting botters or cookie loggers. Now, it won’t require any exploits to get around this… simply use a VPS (a VPS is not a VPN) like DigitalOcean, set up a private proxy, and then that could be used to bypass the cookie situation at least for botters. Now for cookie loggers, it would be a bit more difficult but also easy. It is worth noting that most cookie loggers don’t actually create the cookie logging programs, so it will take a few months for this to get implemented. But they could easily bypass this by hosting a proxy on the victim’s device, and that should be enough time to steal all the items. It wouldn’t even need to be port forwarded; Cloudflare provides options to give port forwarding effects without opening ports. All in all, this is essentially a completely WORTHLESS implementation, but at least Roblox is trying.
It’s already clear from earlier responses in the thread that it doesn’t invalidate your session on any IP change, just based on proximity. e.g. note this post: IP Changes Invalidate Cookie - #130 by Dr_Luxxe
Since you’re not suggesting someone is going to go on an intercontinental flight for a playdate or to get better WiFi connection, your scenarios shouldn’t occur with this change.
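Added example, not part of the thread and not Roblox's implementation: a sketch of server-side session binding by proximity, where a nearby IP change keeps the session and a distant one revokes it and forces a new login. The geolocation table, the 500 km threshold and all function names are assumptions made for illustration.

```javascript
// Constructed stand-in for an IP-geolocation database. The prefixes are
// RFC 5737 documentation ranges; the coordinates are assigned for the example.
const GEO_TABLE = {
  "192.0.2.":    { lat: 52.37, lon: 4.90 },   // constructed: city A
  "198.51.100.": { lat: 52.09, lon: 5.12 },   // constructed: about 35 km from A
  "203.0.113.":  { lat: 40.71, lon: -74.01 }, // constructed: another continent
};
const MAX_KM = 500; // assumed proximity threshold

function locate(ip) {
  const prefix = Object.keys(GEO_TABLE).find((p) => ip.startsWith(p));
  return prefix ? GEO_TABLE[prefix] : null;
}

// Great-circle (haversine) distance in kilometres.
function distanceKm(a, b) {
  const rad = (d) => (d * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat);
  const dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

const sessions = new Map(); // token -> { ip, loc } recorded at login

function login(token, ip) {
  sessions.set(token, { ip, loc: locate(ip) });
}

// Returns "ok" to serve the request, "reauth" to demand a fresh login.
function checkRequest(token, ip) {
  const s = sessions.get(token);
  if (!s) return "reauth";
  if (ip === s.ip) return "ok";
  const loc = locate(ip);
  // Fail closed: an unlocatable address or a far-away one revokes the token,
  // so a cookie copied to a distant machine stops working for everyone.
  if (!loc || !s.loc || distanceKm(s.loc, loc) > MAX_KM) {
    sessions.delete(token);
    return "reauth";
  }
  // Nearby change: keep the session. The comparison stays anchored to the
  // login location so the binding cannot drift in small steps.
  return "ok";
}
```
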
It’s now to the point I can’t even access my Roblox account without being signed out. I recently only signed in from my home where I am at the time of recording the clips below and using my internet connection that I’ve been using the whole time. As soon as I close the Roblox app and start it again, or refresh my browser’s webpage, I get signed out immediately. I cannot even access my account settings to do a secure sign out or anything like that to reset my cookie.
PC Website:
Mobile App:
Was planning on doing some Studio work today, but this is going to set me back by a lot. Today was my last opportunity to finish what I needed to do. Others I know have also reported this happening on their Mobile apps.
EDIT: Tried resetting my password. It worked for a brief second; I was able to visit a few pages… before signing me out again.
It might be more fruitful to file a new bug report so you can add private details (ISP, your IP, whether your IP aggressively cycles or not). This bug report is a bit too broad because this is just complaining about the change being a thing in general.
You can use @Bug-Support to file the bug report if you don’t have direct access to #bug-reports .
This is weird, my internet goes off every 10 hours due to privacy reasons, and every single digit from my IP changes, so I don’t know why this is happening to you.
This is a good feature. Yes, it may be annoying, but it helps prevent cookie logging when people send their cookie to some random user, and it helps reduce botting models and users (mostly used for serversides).
Thanks for the report! This change is intended. To keep your account secure you may be required to log in to Roblox again. We’re looking to address these concerns through our Open Cloud initiative with the feedback you all have provided.
Please submit a feature request for API endpoints you think that we should support.