Logging in from other places

Use this forum for discussions on the upcoming Instant Messenger and game application.

Which would you prefer?

Poll ended at Sun Apr 26, 2015 9:25 am

Logins to auto-kick the other out
0
No votes
Logins to give an option wherever to kick or not
2
67%
Other
1
33%
 
Total votes: 3
User avatar
Doctor Azo
Head Admin
Head Admin
Posts: 2870
Joined: Tue Jun 17, 2014 1:02 am
Location: SW England, UK
Medals: 6
Referrer AGN's MC player AGN's TF2 player First year AGNer Kiloposter HoW access
Has Liked: 171 posts
Liked for: 1189 posts

Logging in from other places

Postby Doctor Azo » Sun Apr 19, 2015 9:25 am

What would you prefer if you log in while already logged in elsewhere? Would you like to have an option to logout the other or would you rather be able to log straight in?

Having the option would make logging in elsewhere or quickly reconnecting (when the server hasn't timed you out yet) a bit annoying. Being able to log straight in would be more convenient.

But imagine if someone hacks into your account while you're logged in or you log in while someone else is logged into your account. With the option to force a log out, the online client will be warned that someone else has attempted to login. This may give you (or them) a moment at least to realise someone else has attempted to log in.

Imagine person A is the client currently logged in and person B is the other client that has given the correct login credentials:

Auto logout scenario:

1. Person B logs in and logs A straight out. B will be told they've logged out elsewhere and A will be logged out right away and told the reason.

Optional logout scenarios:

2. Person B logs in and is given an option to logout A. B chooses not to but A will still be alerted that someone elsewhere has attempted to log in. This might give them time to change their password and message an admin.

3. Person B logs in and is given an option to logout A. B choose to log them out. However A will be still alerted immediately.

In 1 and 3, a hacker would most likely pick these to log in and change the password ASAP. However so would the owner if they think that A is a hacker. The owner however should prioritise alerting an admin in cases a hacker does log in or is already logged in.
Community Rules | Newcomer FAQ | Our MC server FAQ | Our TF2 server FAQ
Need help with AGN? Check out the Tech forum.
Drop in suggestions or complaints in Suggestions forum.
Is it a private matter? PM me!
AGN's Twitter: @AceGamersNetwrk

"Creativity is intelligence having fun." - Albert Einstein
clairne
Intermediate
Intermediate
Posts: 1382
Joined: Thu Jun 26, 2014 8:31 pm
Medals: 3
First year AGNer Kiloposter HoW access
Has Liked: 850 posts
Liked for: 733 posts

Re: Logging in from other places

Postby clairne » Sun Apr 19, 2015 12:00 pm

I would like to be informed if someone tries to log-in to my account while I am logged-in. I think that auto log-out is not a good option. Also B shouldn't be able to log-out A, in my opinion. I voted Other.

I think the client should send me an e-mail if there was an attempt to log-in from a new IP adress. Or at least I should be able to check manually the IP address to see whether there was attempt to log-in to my account from a new IP or not. Something like Facebook has(although fb alerts me whenever I log-in from new browser).
Or could you make something to prevent changing passwords easily, please? Something like Steam has: if you want to change your account password, you have to confirm it through e-mail. So if someone logs-in to your AGNIM account, they can't change the password unless they can log-in also in your e-mail.
User avatar
Doctor Azo
Head Admin
Head Admin
Posts: 2870
Joined: Tue Jun 17, 2014 1:02 am
Location: SW England, UK
Medals: 6
Referrer AGN's MC player AGN's TF2 player First year AGNer Kiloposter HoW access
Has Liked: 171 posts
Liked for: 1189 posts

Re: Logging in from other places

Postby Doctor Azo » Fri Apr 24, 2015 1:44 am

The problem with not letting you log in elsewhere is if you've logged in from another device that gets taken over by someone else or you forget to log out from a shared device, that account will be at mercy of whoever else and you wouldn't be able to do anything about it.

Although one shouldn't use a public computer, one should at least be able to log themselves out.
Community Rules | Newcomer FAQ | Our MC server FAQ | Our TF2 server FAQ
Need help with AGN? Check out the Tech forum.
Drop in suggestions or complaints in Suggestions forum.
Is it a private matter? PM me!
AGN's Twitter: @AceGamersNetwrk

"Creativity is intelligence having fun." - Albert Einstein
User avatar
ChaoticPrecision
Regular
Regular
Posts: 177
Joined: Wed Nov 05, 2014 6:35 pm
Medals: 2
First year AGNer HoW access
Has Liked: 45 posts
Liked for: 95 posts

Re: Logging in from other places

Postby ChaoticPrecision » Fri Apr 24, 2015 4:36 am

With your latest comment I'm curious whether you're looking at this as being device specific or ip specific. Very often i'm logged into steam from my computer and phone at the same time, same ip with wifi but its nice to be able to instantly pick up and continue a conversation if i need to move around.
Image
User avatar
Doctor Azo
Head Admin
Head Admin
Posts: 2870
Joined: Tue Jun 17, 2014 1:02 am
Location: SW England, UK
Medals: 6
Referrer AGN's MC player AGN's TF2 player First year AGNer Kiloposter HoW access
Has Liked: 171 posts
Liked for: 1189 posts

Re: Logging in from other places

Postby Doctor Azo » Fri Apr 24, 2015 4:50 am

It isn't just IP and device specific but also application specific.

Login sessions are connection specific, which are tied to the network library (which is a mostly-self-managed open source library that utilizes .NET's networking assembly) connections themselves. If it wasn't, then anyone could (in theory) hijack the session. With the current design, which is already implemented, connections cannot be hijacked even with the same IP address, at least in practice.

When you want to log on from another device or application instance, the server must logout the other first.

Multi logins would make things very messy and would greatly postpone AGNIM's readiness again.
Community Rules | Newcomer FAQ | Our MC server FAQ | Our TF2 server FAQ
Need help with AGN? Check out the Tech forum.
Drop in suggestions or complaints in Suggestions forum.
Is it a private matter? PM me!
AGN's Twitter: @AceGamersNetwrk

"Creativity is intelligence having fun." - Albert Einstein
User avatar
Doctor Azo
Head Admin
Head Admin
Posts: 2870
Joined: Tue Jun 17, 2014 1:02 am
Location: SW England, UK
Medals: 6
Referrer AGN's MC player AGN's TF2 player First year AGNer Kiloposter HoW access
Has Liked: 171 posts
Liked for: 1189 posts

Re: Logging in from other places

Postby Doctor Azo » Sat May 13, 2017 8:43 pm

Here's what I'm going to do (and started on) so far: If the account is currently logged in the server will tell the new successfully authenticated client that, which'll present a prompt asking if they would like to kick the former off to log in or cancel. There will be an option however to do this automatically in the settings. Should the latter client cancel, a gentle but noticeable message will be made on the former client anyway to alert them to any successful hack attempts. If the former is the unauthorised member then alerting this would be the least the user's concerns especially considering most hackers would change the password quickly after logging in anyway.

Sound good?

I can see the vast majority of cases this will happen will be by the legitimate member, but if AGNIM flourishes in popularity it'll only be a matter of time before spammers or scammers endeavour to infiltrate, or at least the vengeful enemies/ex-friends or intrusive family/room-mates take advantage.
Community Rules | Newcomer FAQ | Our MC server FAQ | Our TF2 server FAQ
Need help with AGN? Check out the Tech forum.
Drop in suggestions or complaints in Suggestions forum.
Is it a private matter? PM me!
AGN's Twitter: @AceGamersNetwrk

"Creativity is intelligence having fun." - Albert Einstein
User avatar
dykath
Jr. Community Manager
Jr. Community Manager
Posts: 1843
Joined: Mon Feb 08, 2016 5:25 am
Location: Laniakea, Milky Way, Sol system, Earth
Medals: 7
Referrer AGN's MC player Nothing personal boss! AGN's TF2 player Kiloposter HoW access
Bug finder
Has Liked: 208 posts
Liked for: 652 posts
Contact:

Re: Logging in from other places

Postby dykath » Sun May 14, 2017 7:34 am

now question will agnim be part of the AGN site account like say a hacker is A and you B try logging on but can't because the hacker has already changed the password. would this affect your main AGN account or would they be the same thing like would changing your AGNim password change your main account password or are they separate entities?
I ask this because it would make it so much harder to hack the main site if the AGNim credentials are different than those of the main site?
if you have yet to think of that doc just some food for thought. :SBthumbsup
I am who I am I don't need nor want a label I simply am who I am and your approval is not needed nor wanted I am me and me is pretty awesome.
the state of your life is nothing more than a reflection of your state of mind
If you never look up you will never see the sky, It may be raining but there is a rainbow above you
User avatar
Doctor Azo
Head Admin
Head Admin
Posts: 2870
Joined: Tue Jun 17, 2014 1:02 am
Location: SW England, UK
Medals: 6
Referrer AGN's MC player AGN's TF2 player First year AGNer Kiloposter HoW access
Has Liked: 171 posts
Liked for: 1189 posts

Re: Logging in from other places

Postby Doctor Azo » Sun May 14, 2017 8:01 am

It's entirely separate. The way .NET creates the hash is different from PHP so it's not even possible to authenticate through the same process, and giving users the choice to have a different password can reduce the damage with compromised accounts. So if one does use the same password the hashes will not match especially considering they're "salted" differently too. It also allows different databases and database accounts to be used, which is securer.
Community Rules | Newcomer FAQ | Our MC server FAQ | Our TF2 server FAQ
Need help with AGN? Check out the Tech forum.
Drop in suggestions or complaints in Suggestions forum.
Is it a private matter? PM me!
AGN's Twitter: @AceGamersNetwrk

"Creativity is intelligence having fun." - Albert Einstein

Return to “Development and Feature Requests”

Who is online

Users browsing this forum: No registered users and 1 guest