IP Changes Invalidate Cookie

Ok, so regarding this feature, it is good and bad.

This is going to break a ton of ranking services/management, games, etc. The thing is Roblox has not even announced the change or a notice which is annoying. This is going to cause major problems with ranking services as the ranking services will get a high amount of tickets. But this helps security as well.

I really suggest Roblox add a feature in Security allowing you to change it to bypass this change. However, you would need an Account Pin and a Verified Email linked to the account to do this.

Anyways, lets just hope for the best.

I think it is great update as it adds more security against people hacking accounts the only issue is off course it breaking ranking services (I know from experience cuz currently my system is not working I created).

What I would personally love to see from Roblox is to support us developers more by having like an API key or smthing. I heard the open cloud thing but I don’t think it currently really supports the web endpoints at all and I think that it would be great if they could support us using the web API via some type of system. (I will link where you can create one: https://create.roblox.com/credentials). Most companies have something like this as an example the twitter API and the trello API which is supported directly by these companies.

Make a feature request about it to have group rank endpoints added to Open Cloud.

This is a bug report, so feature suggestions will be lost here.

5 Likes

For the ranking thing, what language are you using and which packages are you using (if you use any)?

I have a ranking bot which was broke thanks to this update. I use JavaScript with discord.js and noblox to make it pretty much. My bot also does other ROBLOX related things, all of which no longer work.

1 Like

Hmmm……

Bots still can work with a VPN AS LONG AS YOU HAVE A STATIC IP! You can use an SSH terminal to get the cookie from the VPN’s IP (bit more complicated than that but this isn’t a tutorial).

It’s a problem when it comes to having a dynamic IP, if using something like Repl or Glitch. You won’t have it working using these most likely.

1 Like

Personally, I think this is the worst feature to ever be implemented into Roblox. It’s well known that young kids don’t remember their passwords, as well as parents who set up the account. So picture yourself as a 6-year-old. You’re going to your friend’s house… You take your little iPad or whatever. When you connect to your friend’s network you’re gonna be logged out, and potentially lose months of work. Or even if your in your own home, if the power goes out and your router is offline for over around 8 hours, most IPS will assign another IP automatically which would trigger a cookie reset. Now that we have seen this is detrimental to young kids, let’s explore how much this will be hurting botters or cookie loggers. Now, it won’t require any exploits to get around this… simply use a VPS (a VPS is not a VPN) like digital ocean, set up a private proxy, and then that could be used to bypass the cookie situation at least for botters. Now for cookie loggers, it would be a bit more difficult but also easy. It is worth noting that most cookie loggers don’t actually create the cookie logging programs, so it will take a few months for this to get implemented. But they could easily bypass this by hosting a proxy on the victim’s device, and that should be enough time to steal all the items. It wouldn’t even need to be port forwarded, Cloudflare provides options to give port forwarding effects without opening ports. All in all, this is essentially a completely WORTHLESS implementation, but at least Roblox is trying. :slight_smile:

4 Likes

My phone keeps getting logged out despite being in the same city all the time. The only difference is using WiFi or mobile data.

1 Like

It’s already clear from earlier responses in the thread that it doesn’t invalidate your session on any IP change, just based on proximity. e.g. note this post: IP Changes Invalidate Cookie - #130 by Dr_Luxxe

Since you’re not suggesting someone is going to go on an intercontinental flight for a playdate or to get better WiFi connection, your scenarios shouldn’t occur with this change.

2 Likes

I guess that’s a fair point, I haven’t considered that.

Good update but a pain for devs who use cookies for like Discord bots or ranking games. I think they should add it to the opencloud.

1 Like

LOL so we know who to blame :laughing:

I do think it is a good feature but would be nice for them to add the ranking to the open cloud.

1 Like

They are working on a authentication system where developers can create applications and use API keys so hopefully that will fix those problems.

1 Like

This happens to me after leaving asia and flying back to us

It’s now to the point I can’t even access my Roblox account without being signed out. I recently only signed in from my home where I am at the time of recording the clips below and using my internet connection that I’ve been using the whole time. As soon as I close the Roblox app and start it again, or refresh my browser’s webpage, I get signed out immediately. I cannot even access my account settings to do a secure sign out or anything like that to reset my cookie.

PC Website:


Mobile App:


Was planning on doing some Studio work today, but this is going to set me back by a lot. Today was my last opportunity to finish what I needed to do. Others I know have also reported this happening on their Mobile apps.

EDIT: Tried resetting my password. It worked for a brief second; I was able to visit a few pages… before signing me out again.

1 Like

It might be more fruitful to file a new bug report so you can add private details (ISP, your IP, whether your IP aggressively cycles or not). This bug report is a bit too broad because this is just complaining about the change being a thing in general.

You can use @Bug-Support to file the bug report if you don’t have direct access to #bug-reports .

2 Likes

This is weird, my internet goes off every 10 hours due to privacy reasons, and every single digit from my IP changes, so I don’t know why this is happening to you.

This is a good feature Yes it may be annoying, but it helps prevent cookie logging when people send their cookie to some random user, and it helps reduce botting models and users (mostly used for serversides)

1 Like

Thanks for the report! This change is intended. To keep your account secure you may be required to login to Roblox again. We’re looking to address these concerns through our Open Cloud initiative with the feedback you all have provided.

Please submit a feature request for API endpoints you think that we should support.

14 Likes