Do not share POESESSID values with other people

"
Superalpaca wrote:
"
Cyndershade wrote:
Three cheers for fearmongering to stop people from trusting path of building.

Other tools have used this for -years- to no fanfare, interesting you chose today to bring up how "dangerous" it is.
[Removed by Support]


[Removed by Support]

POESESSID has been used for years by many programs and despite being a "huge security risk" GGG haven't bothered mentioning it to players. PoB comes out with an improvement to trading and suddenly it becomes an issue. Somehow I feel that the motivation behind this post was not concern for innocent players being banned.
Last edited by Nichelle_GGG#0000 on Dec 16, 2022, 6:26:17 AM
it's soooo dangerous, we are actively making it harder for 3rd party tools to work, so please don't use them, while you will have to and we give no other options

fffff-thank you. IE we don't give a shiver, your game isn't mysteries, stop trying to make it so, NO player wants that.
MAKE LEFT CLICK GREAT AGAIN.
"
CrazyPanda221 wrote:
"
Superalpaca wrote:
"
Cyndershade wrote:
Three cheers for fearmongering to stop people from trusting path of building.

Other tools have used this for -years- to no fanfare, interesting you chose today to bring up how "dangerous" it is.
[Removed by Support]


[Removed by Support]
POESESSID has been used for years by many programs and despite being a "huge security risk" GGG haven't bothered mentioning it to players. PoB comes out with an improvement to trading and suddenly it becomes an issue. Somehow I feel that the motivation behind this post was not concern for innocent players being banned.



A 3rd party tool on github assumes some technical knowledge vs the most used poe tool has a much bigger audience and impact. It means people who aren't as keen will start using it.

It's not far-fetched at all.
The more people use it and know where to find it = more risk of bad actor taking advantage of that.

Plus, why would GGG try to hide their feelings toward something they don't like? Chris told you directly: Get rekt Reddit.

I'm sure they'll post about the tool after internal discussions about it.



Last edited by Nichelle_GGG#0000 on Dec 16, 2022, 6:26:53 AM
"
zfate wrote:
"
KuuHaKu_OtgmZ wrote:
"
zfate wrote:
GGG really needs to take a stand against the new PoE tool that just basically automatically will buy you new/better gear.

Who's even playing at that point, shut that shite down!


Funny enough, the same could be said to build guides - the gear is basically sorted for you, all you need to do is follow the precisely crafted path until you reach them.

Oh the hypocrisy.



Having to know what to do and what type of item is useful for a build is a - tiiiiiny - bit different from copy-pasting and getting the item.

It's the difference between cooking a meal yourself following a recipe vs ordering a prepared meal or microwaving your food.



Except pob feature won't give you the bis item automatically, it'll just show you a list of items that best increase your dps at the moment, it'll be up to the user to find which of those items are indeed good (most will be lacking defenses).

It's no different than going to the trade site, putting some search criteria and copypasting the item into pob to see how it affects your build, except now it shows you the list inside it.
Last edited by KuuHaKu_OtgmZ#4582 on Dec 14, 2022, 9:21:36 AM

"
Except pob feature won't give you the bis item automatically, it'll just show you a list of items that best increase your dps at the moment, it'll be up to the user to find which of those items are indeed good (most will be lacking defenses).

It's no different than going to the trade site, putting some search criteria and copypasting the item into pob to see how it affects your build, except now it shows you the list inside it.

lol, just re-read what you wrote, you just explained how it's different...Knowing what you need, going to the trade site to search for it, copying the item into POB, then comparing it.

Now it's just 3 mouse-clicks on POB to do all of that. Again, cooking a meal vs ordering one.



My POESESSID is 13378008135101, you can't and won't even use it.
So all you really end up having is playing the economy, and plowing maps. And if you want to get anywhere on your character, you are better off mowing monsters down like weeds and just collecting pennies off the ground as fast as possible than any meaningful item hunting.
Hang on, what's stopping people from just brute forcing POESESSIDs, if there's no 2FA????
So all you really end up having is playing the economy, and plowing maps. And if you want to get anywhere on your character, you are better off mowing monsters down like weeds and just collecting pennies off the ground as fast as possible than any meaningful item hunting.
"
Steelhart1 wrote:
Which Apps have been asking for this sessionID?

Any examples I should look out for?


Exilence Next definitely used to - but they may have updated it to go through OAuth now. Haven't tried it yet this league.

Edit: Just tried Exilence Next and it definitely does do logins through OAuth now :) Now that I think about it, I think it was also using OAuth in 3.19
Last edited by Alcsaar#1714 on Dec 14, 2022, 11:02:49 AM
"
Amarantha wrote:
"
Gorinnosho wrote:
PUT AN AUCTION HOUSE IN THE GAME ALREADY


No thanks, trade is fine as it is.
You don't realize how bad an auction house would be for this game.


Please explain how others are wrong and you are right and entitled to be the one who enforces the opinion ... Also explain why auction house would be bad while you are at it.
Never invite Vorana, Last To Fall at a beer party.
I see mentions of 2FA here. 2FA won't help - session id is what you get assigned AFTER passing 2FA and as soon as someone has yours, for the server his session is yours. There might be some additional security measure (for example session id valid only for IP used when it was created), but generally session id is what identifies you to the server after you log in, no matter the way.

As for bruteforcing session id - I imagine trying to bruteforce 32 characters long hexadecimal string (0...f characters) over the network may take a while and most probably it would trigger DoS protection (or DDoS when distributed for speed).
(\__/) This is Bunny. Copy and
(='.'=) paste Bunny to help him
(")_(") gain world domination.
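Added example, not part of the original thread and not GGG's implementation: a minimal session table illustrating the post above, where both factors are checked once at login and every later request is identified by the session id alone, with optional IP binding as the mitigation mentioned. `SessionStore`, `USERS`, the fixed OTP stand-in and the documentation-range IP addresses used with it are all constructed assumptions.

```python
import hmac
import secrets

# Constructed sample account; the fixed "otp" stands in for a real TOTP check.
USERS = {"exile": {"password": "correct horse", "otp": "492817"}}

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())

class SessionStore:
    """Hypothetical server-side session table."""
    def __init__(self, bind_ip=False):
        self.bind_ip = bind_ip
        self.sessions = {}  # session id -> (user, client IP at login)

    def login(self, user, password, otp, ip):
        acct = USERS.get(user)
        # Password and second factor are verified here, once, at login time.
        if acct is None or not (_same(password, acct["password"]) and _same(otp, acct["otp"])):
            return None
        sid = secrets.token_hex(16)  # 32 hex characters = 128 random bits
        self.sessions[sid] = (user, ip)
        return sid

    def whoami(self, sid, ip):
        # Later requests present only the session id: no password, no OTP.
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        user, login_ip = entry
        if self.bind_ip and ip != login_ip:
            return None  # session is only honoured from the IP that created it
        return user

    def logout(self, sid):
        # Server-side invalidation is what makes a previously shared id useless.
        self.sessions.pop(sid, None)

def years_to_search_half(guesses_per_second, hex_chars=32):
    """Expected years of guessing before hitting one specific random id."""
    return 16 ** hex_chars / 2 / guesses_per_second / (365 * 24 * 3600)
```

With `bind_ip=False` the id is accepted from any address, which is why handing it to a tool is equivalent to handing over a logged-in session; logging out is what ends that access.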
