New Authentication System

[The Beatles]

You may be seeing this because, clicking on a game link and blithely unaware of the changes, you got logged out.

The thing is, there is a new authentication system in place which ensures your security on public computers. Until now, when using the no-cookie authentication method, old auth codes in a computer's history could be used to log in to your account. Now, however, that code is regenerated at each login and logout, so you can quite safely use the no-cookies login method at any computer. Just remember to always hit the Logout link and you'll always be safe.

A side effect is that when you log in (not just log out), all other sessions you had are logged out.

To those in the know: Hashes sent to the client are now salted with a random integer, changed at logout and login time.

~Beatles

[Turock]

Since you mentioned sessions

There probably should be a time limit for inactive sessions. Something like 15 or 30 minutes of inactivity and the account is logged out and the session killed. You could even add a $config variable to config.php and make it admin definable. Not that you don't have enough to do already...

[The Beatles]

Well -- on the backend, we don't use sessions, but we can simulate them.

However, I've never seen a real need for this, I think it would just annoy most people. Still, you can post in Suggestions, for if the staff differs I'll implement it.

[Turock]

I guess if it has no effect on gameplay then its not really a big issue. There are other things that are more important. It was just a random idea I had tonight

[The Beatles]

Apparently, this technique is called a 'Nonce'. Well, what do you know.

http://en.wikipedia.org/wiki/Nonce