Search the database

Search forum topics

Search members

Search for trades

diablo2.io is supported by ads

diablo2.io is supported by ads

Account creation session hijack bug

1 reply 3507 views

2

Description

Device:
Browser:
OS:

Steps to reproduce:

1. Create account
2. Get redirected to the front page
3. Notice sid is in the URL. This is not secure since I could copy and paste this link not knowing it's my session id. Someone could hijack my session.

Anything else to add:

5

Can be used to make Runewords:

7

Auxis `0`

4 years ago (pre-Resurrected)

4 years ago (pre-Resurrected)

Device:
Browser:
OS:

Steps to reproduce:

1. Create account
2. Get redirected to the front page
3. Notice sid is in the URL. This is not secure since I could copy and paste this link not knowing it's my session id. Someone could hijack my session.

Anything else to add:

Fixedby Teebling • 4 years ago•Go to post

Auxis wrote: 4 years ago
3. Notice sid is in the URL. This is not secure since I could copy and paste this link not knowing it's my session id. Someone could hijack my session.

SIDs have been in phpBB topic urls for 20 years and more. If there was a security concern about this I think they would have changed it by then.

7

Teebling `8401`Admin

4 years ago (pre-Resurrected)

4 years ago (pre-Resurrected)

Auxis wrote: 4 years ago
3. Notice sid is in the URL. This is not secure since I could copy and paste this link not knowing it's my session id. Someone could hijack my session.

SIDs have been in phpBB topic urls for 20 years and more. If there was a security concern about this I think they would have changed it by then.

This post was marked as the fix.

Donate diablo2.io administrator • Development Log • Site Tips & Tricks

8

Similar pages

How many hours do you play per week and what do you consider a successful session?

Last post by

Zero187

« 3 years ago
Posted in Forums
Replies: 15
by

mikeyaaahhh

» 3 years ago » in Forums

15 Replies

27236 Views

Last post by

Zero187

3 years ago
Is anyone else getting login session expired errors with battle.net

Last post by

Deleted User 77308

« 2 years ago
Posted in Forums
Replies: 9
by

Deleted User 77308

» 2 years ago » in Forums

9 Replies

12118 Views

Last post by

Deleted User 77308

2 years ago
How will online game creation change in Resurrected?

Last post by

Stormlash

« 4 years ago
Posted in Forums

by

Stormlash

» 4 years ago » in Forums

0 Replies

1992 Views

Last post by

Stormlash

4 years ago
What does the character creation screen look like?

Last post by

Stormlash

« 4 years ago
Posted in Forums

by

Stormlash

» 4 years ago » in Forums

0 Replies

3672 Views

Last post by

Stormlash

4 years ago
Will you delete your char to start ladder if blizzard doesn’t up char creation limit?
Last post by

Schnorki

« 3 years ago
Posted in Forums
Replies: 40
by

Turbocharged-Z

» 4 years ago » in Forums

1

2

3
40 Replies

12488 Views

Last post by

Schnorki

3 years ago
Game Creation Issues

Last post by

Tatoomba

« 3 years ago
Posted in Forums
Replies: 6
by

FanciestCrab

» 3 years ago » in Forums

6 Replies

1186 Views

Last post by

Tatoomba

3 years ago

9

Advertisment

999

Greetings stranger!

You don't appear to be logged in...

99

Who is online

Users browsing Bug Reports: No registered users and 18 guests.

No matches

999

Latest discussion

999

Online Terror Zones

Current:

Tal Rasha's Tomb

Next:

Pit Level 1

Pit Level 2

View tracker

999

Random entries

Browse database

999

Register an account

Start trading, earning trust, and levelling up. Get avatars, likes, bookmarks and more with an account! :)

Register

999

Found a bug or glitch?

If something looks broken please let me know so I can fix it :)

Report Bug

999

Supportdiablo2.io

You can donate to the site to help support the future of diablo2.io. Donating hides all ads forever.

Make a Donation

Database

Uniques

Runewords

Sets

Base

Recipes

Misc

Areas

Monsters

Skills

Quests

NPCs

Trade

Trade Market

Browse Trades

Search Trades

Price Check

New Trade

My Stash

Trade Stats

Rules & Tips

Forums

D2 General

Feedback

Bug Reports

Contribs

Patch Notes

Dclone

Dclone Tracker

Dclone Guide

Help me kill!

SoJ Trades

SoJ Prices

Public API

d2emu

Tzones

Tzone Tracker

Tzone Guide

Tzone Tier List

Areas DB

d2emu

Tools

D2 Tools

Holy Grail

Skill Trees

Larzuk Sockets

Attack Speed

Useful Links

About

About diablo2.io

Members

The Team

Credits

Contact

Donate

Discord

You haven't specified which diablo2.io user you completed this trade with. This means that you will not be able to exchange trust.

Are you sure you want to continue?

Yes, continue without username
No, I will specify a username

Choose which dclone tracking options you want to see in this widget:

Value:

Hide ads forever by supporting the site with a donation.

Greetings adblocker...

Warriv asks that you consider disabling your adblocker when using diablo2.io

Ad revenue helps keep the servers going and supports me, the site's creator :)

A one-time donation hides all ads, forever:
Make a donation

Please don't use the # symbol.
Please don't use your Battle.net ID as your username.

If you use a fake email address, that's fine, but you will NOT be able to recover your password or receive trade notifications by email.

Do NOT use the same password as your Battle.net account!

Please don't use a Battle.net ID that has spaces in its username portion.