These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Player Features and Ideas Discussion

 
  • Topic is locked indefinitely.
 

Automatic logon to the forums from ingame browser
Author
Previous Topic Next Topic
Daedalus II
Aliastra
Gallente Federation
#1 - 2012-04-11 09:00:47 UTC
The title says it all really.

I think it's pretty obvious that you should be logged on to the forums if you access them via the game, I mean the game MUST know who you are by that stage, this shouldn't even be an issue.

It's especially important when using the new corp forums. Having your members log in one extra time is just an unnecessary complication and a barrier to entry when the game already know who you are.

And if it isn't possible to gain access to the whole forum at least give us some way to access the corp forums via the game so we don't have to log in. I don't want my members to get 404-errors just because I post a link into our corp forum in a mail and they aren't logged in.
Nalha Saldana
Aliastra
Gallente Federation
#2 - 2012-04-11 13:22:10 UTC
Adding a extra (optional) neocom button with its own eveo forums icon would be nice
Aurel Svenson
Cyclone Solutions
#3 - 2012-04-11 13:28:02 UTC
Yep, the logon doesn't make much sense to me.
Daedalus II
Aliastra
Gallente Federation
#4 - 2012-04-11 13:31:05 UTC  |  Edited by: Daedalus II
Nalha Saldana wrote:
Adding a extra (optional) neocom button with its own eveo forums icon would be nice

Yeah and if you open the forum via that button you'd be automatically logged in.

Edit: actually two buttons would be nice; one for the EVE-O forums and one for the corp forum part specifically.
RatKnight1
KarmaFleet
Goonswarm Federation
#5 - 2012-04-11 15:15:46 UTC
+1
mxzf
Shovel Bros
#6 - 2012-04-11 16:19:47 UTC
Have to say, this makes a LOT of sense. Heck, there are other sites that can automatically log you in if you trust the page, there's no reason Eve's own forums shouldn't be able to do it too.
Daedalus II
Aliastra
Gallente Federation
#7 - 2012-04-12 07:55:23 UTC
Bump
Daedalus II
Aliastra
Gallente Federation
#8 - 2012-04-13 13:46:07 UTC
Bump again.
GizzyBoy
I N E X T R E M I S
Tactical Narcotics Team
#9 - 2012-04-13 20:07:55 UTC
bump,

but firstly its a terrible idea

for a number of reasons.

1) the char key your browser passes in the header when the session is created can be forged,
its not hard, infact its so damn easy its scary.

2) saving your login details into a cookie with out the right kind of code could lead easily to session hijacking and all other kinds of nastiness.

3) the eve browser is actually made by a 3rd party, ccp does do some mods to it, but largely the code base is coming from some where else. and that means bugs, security holes and god knows what else lurking in the background.

4) if you have multi chars its actually quite nice to check the mail on one, while your working with the other, I normally use an out of game browser for this, because oddly that makes more sense.


5)Perhaps what ought to happen is your prompted for your login again, but using this method for crafting fishing hijinks is once again a problem.

dont think they haven't thought about it, they just know whats going to happen.


is it annoying?
yes

does it save every one alot of grief from the phising, hacking and other hijinks? yes.
Daedalus II
Aliastra
Gallente Federation
#10 - 2012-04-13 21:34:16 UTC
A) We know that there is already a cookie login functionality in the ingame browser (because you can check the "remember me" at the login to the forums.

B) Assuming CCP aren't total tools, and given the slap on the hand they got with the debacle where you could steal someones login by changing a number in a cookie, I think we can believe they can (now) create an appropriately safe cookie.

C) Assuming A and B holds, why wouldn't the game somehow be able to create said cookie, and put it in the browsers cache upon login? And there is also the functionality where they could use their own damn API they created for third party website authentication that is built into the web browser. Given this I can't see why it should be that hard to have it done, and have it done safely.

Well I'm no web browser security expert, so I don't know how feasible this is, but honestly you don't seem to be that much of an expert either, you know the jargon yes, but do you know the guts of it?
Daedalus II
Aliastra
Gallente Federation
#11 - 2012-04-19 22:05:13 UTC
Bump.