IP Changes Invalidate Cookie

Don’t worry, I won’t get hacked. Anyways that account is an alt / bot account so it doesn’t matter. It has extra security just in case it does get hacked. So don’t worry about the Cookie being exposed.

2 Likes

I think this is in purpose, it’s a method to secure the platform and accounts, making sure none of their changes effect a big and long-standing community.

5 Likes

I agree with this, making this change optional would have the maximum benefit to everyone.

2 Likes

You folks should file feature requests in #feature-requests:website-features to have more endpoints added to Open Cloud.

It’s always been a hack to use cookie for external tooling. Cookies are for user authentication. Treat it as the hack that it is if you choose to continue working this way.

7 Likes

Yep, it also broke my bots. Thanks to Roblox now my services died.

2 Likes

It may be an A/B test because I don’t see an issue but other users do. So maybe it was only rolled out to certain users?

2 Likes

It looks like Roblox is enrolling this feature to more & more users. Whereas we had about 65% successful requests 2 days ago, it’s only 50% today.

I’m afraid there’ll be no other option than using captcha solving services. :man_shrugging:

6 Likes

I would if I could. My game’s completely non-functional because I cannot use the Ranking bot.

2 Likes

Sadly most people, such as myself, can’t create feature requests because they’re not regulars which as far as I know is not possible to get anymore hence feature requests like this tend to lose traction.

3 Likes

Not suggesting anything of the sort. It’s understandable people try to find solutions where none exist.

All I’m trying to say is that if people continue to use cookies for authentication for external tooling, you’ll have to be prepared to jump through hoops because this is not an official way to communicate with the API. Cookies are intended for authenticating user devices.

3 Likes

Not sure if this is related, but instead of invalidating my cookie, when I use a VPN, no images load. Not thumbnails, friends, icons, etc. Games work just fine, though.

Could I be in another testing group where it doesn’t invalidate your cookie but blocks your requests?

2 Likes

I don’t have that feature. I live in France and it seems that they removed it just now.

2 Likes

It looks like Roblox has rolled this back, can anyone else confirm?

1 Like

A lot of developers rely on these APIs to run their groups. If Roblox doesn’t want us to perform actions this way, they should provide a way for us to securely authenticate [like OAuth2] and perform actions.

3 Likes

In case you missed it:

2 Likes

No images load for me when on VPN as well.

1 Like

Negative, I still seem to have issues.

Currently in the UK.

1 Like

This is still working for me as of now. It was broken as of the other day, and I can confirm ReAdmins error rates are going down for new-logins.

1 Like

Maybe they’re rolling it back slowly?

1 Like

After a bit of testing I found out that the cookie only gets invalidated whenever your IP originates from another continent regardless of the A/B testing in that specific region.

Roblox probably increased the IP-region threshold instead of doing a rollback.

2 Likes