Do not share POESESSID values with other people


Some third-party tools ask that you give them your Path of Exile website session cookie in order for them to be able to function, without explaining the significant risks this exposes you to. This cookie value gives the recipient almost complete access to your Path of Exile account on the website, enabling them to do almost any action including viewing personal information, spending your points, or posting on the forums as you.

While sharing any login information with other people is specifically against Path of Exile's terms of use, we haven't yet proactively banned any users for sharing their POESESSID values. However, if your session is misused and someone does something bad on your account that results in a ban, then the intentional disclosure of your account credentials is only going to make the situation worse. Your account is valuable to you. Protect it and don't give other people access.

Note that while you may trust the third-party tools you are using currently, there is nothing to stop someone updating them in the future to harvest credentials. If the third-party tools store your credentials locally, then they're often stored insecurely and can be sniped by other programs you may also be running.

The secure way of granting tools access to your data is via OAuth. We support OAuth with all of our officially documented API endpoints and a large number of tools have already implemented this. We are continuing work to expand the resources available (such as the trade website) to third-party tool developers.

Edit: if you want to reset your POESESSID, just log out of the pathofexile.com website and back in again. Any previous session cookies you gave out before will now be invalid.
Posted by 
on
Grinding Gear Games
True.

I will do my best to move away from using the session ID as a form of authentication in the apps I'm responsible for building for my community, and encourage any PoE tool developers to do the same.

https://www.pathofexile.com/developer/docs/authorization
Last edited by ClumsyParasite#3060 on Dec 13, 2022, 9:24:53 PM
I know I am missing out on a lot of QOL sites. I dont use any 3rd party tool for this reason.
Ascension tied to Lab is the worst thing GGG has done...apart from GGG's philosophy on Trading. Oh and Gambling Loot boxes. And selling out to tencent.

I used to love GGG. I supported to ensure GGG remained independent, now I just wish I could get my money back. -_-
Which Apps have been asking for this sessionID?

Any examples I should look out for?
I read that as POSSESSED and thought that was a new Torment mechanic.
GGG its time for 2FA !!!
"The best and most beautiful things in the world cannot be seen or even touched - they must be felt with the heart."
Chaos Recipe Enhancer is one I know of
I think this is coming up because there's new functionality in Path of Building that helps you search for items you've made in it but requires your POESESSID. ZiggyD did a video on it so more people are trying it and GGG is trying to get ahead of this before someone hijacks accounts.
Exilence Next too
Acquisition and CurrencyCop both use it.

Report Forum Post

Report Account:

Report Type

Additional Info