WTF: User Wide Site Cookie From Stickam?
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Feb 21, 2008, 12:13 PM
 
Here's the scenario: My brother was on my G5 when he got kicked out of a stickam.com channel for saying something silly. He was using my account, my Safari and got a 24 hour ban. I find it amusing and watch as my brother opens my Firefox to try to get back into the room. Still banned. We guess it must be an IP block. Wrong.

My brother logs into his account on the very same G5, with the very same IP address and is able to get right back in the room. Go back to my account and I'm still banned. So here's what I don't get: How does a site apparently embed a user account wide cookie that applies to all browsers? What's going on here? Is it possibly anything other than a cookie? Is it a Java exploit?

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Professional Poster
Join Date: Jun 2007
Status: Offline
Feb 21, 2008, 12:21 PM
 
I dunno maybe they marked your account on their servers as banned. So when you log in regardless of the computer/browser you are not able to do anything.
     
Big Mac  (op)
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Feb 21, 2008, 12:24 PM
 
Oh, I should have made that clear: I can open any browser from my account (four-year-old copy of Mozilla that I never went to stickam with before) and it's banned. It's not a question of being logged in. Somehow it's tracking my OS X user account through a persistent cookie, even though the only browser I actually logged into the site from was Safari. But my brother can go to his user account and go to the room just fine (without logging in).
(Last edited by Big Mac; Feb 21, 2008 at 01:00 PM. )

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Feb 21, 2008, 12:31 PM
 
Cookies are on a per-user, per-browser basis - this cannot be a cookie issue.
Glenn -----
OTR/L, MOT, Tx
     
Big Mac  (op)
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Feb 21, 2008, 12:58 PM
 
Then it's a Java exploit? Okay, I'll tell you where to go: go to http://www.jfsc.tv, log in using a stickam account and pester "Eric the Midget" about his relationship with Kendra. Or say something negative about dwarfs or about American Idol, and you'll get kicked, then every browser on your account will remain banned.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Big Mac  (op)
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Feb 21, 2008, 01:39 PM
 
My brother says he thinks the site is Flash based. I guess it's easy to believe it's a Flash security flaw.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Feb 21, 2008, 01:43 PM
 
Surely it's stored along with your user record on Stickam's server. There's no good reason they'd store this info client-side.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Big Mac  (op)
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Feb 21, 2008, 01:59 PM
 
No, no, I'm not logging in. I can go to any browser that has never been to the site, and I'm still blocked. I can open OmniWeb 4 and it will be blocked.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Feb 21, 2008, 02:10 PM
 
Let me get this straight. On your G5:

Not logged in = blocked
Logged in as brother = not blocked
Logged in as you = blocked

Is that right?
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status: Online
Feb 21, 2008, 02:53 PM
 
Originally Posted by Chuckit
Let me get this straight. On your G5:

Not logged in = blocked
Logged in as brother = not blocked
Logged in as you = blocked

Is that right?
I think this is what he means:

Brother was logged into Big Mac's regular user account on the G5 (local Mac OS X account). I assume brother was logged onto stickam with his own stickam account. Brother got banned. Attempting to go to the site under Big Mac's OS X account with any other browser is blocked.

Brother then logs into his own OS X account on Big Mac's machine. He can get to the site with any browser he chooses. He still logs in using his own stickam account.

Unless he was using an account Big Mac has with stickam.
     
Big Mac  (op)
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Feb 21, 2008, 06:38 PM
 
Preface: On my account I can access stickam.com fine. It's jfsc.tv, which uses stickam, that I'm completely blocked from.

Originally Posted by Chuckit
Let me get this straight. On your G5:

Not logged in = blocked
Logged in as brother = not blocked
Logged in as you = blocked

Is that right?
Sort of. On my account:
not logged in to Stickam site, viewing from any browser = blocked
can't log in anyway = blocked

On my brother's account:
not logged in = not blocked
presumably new Stickam account = not blocked.

As for Person Man's post, that's almost exactly right. The only inaccuracy in your retelling is in the sentence "He still logs in using his own stickam account." My brother doesn't have to log in. He can view the video without doing so. If he logged into the same Stickam account he was using on my user, he would probably get "Kicked" using his user too. But he could probably create a new Stickam account and view the site without a problem.

I have verified that any browser I choose when on my account is "Kicked"/banned, whether it's Firefox, Mozilla, Camino or Opera.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Feb 21, 2008, 07:05 PM
 
I bet there's a Flash settings file identifying you to the server. Try searching in ~/Library/Preferences/Macromedia for "jfsc" and/or "stickam".
(Last edited by Chuckit; Feb 21, 2008 at 07:29 PM. )
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Big Mac  (op)
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Feb 21, 2008, 07:34 PM
 
Here's where it was: ~/Library/Preferences/Macromedia/Flash\ Player/macromedia.com/support/flashplayer/sys/\player.stickam.com

I didn't realize that's how Flash stored settings. I thought Flash used regular browser cookies. Thank you for figuring it out for me.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
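
Added example, not part of the original thread: a small shell check that lists the Flash Player storage files for given site names under one OS user's Flash Player directory, which every browser run by that user shares. The function names, the sample tree and its file names are constructed for illustration; the "#" directory prefixes follow Flash Player's usual naming and are an assumption here.

```shell
#!/bin/sh
# Per-user Flash Player storage root, as named in the thread. All browsers
# launched by the same OS X user read and write this one directory.
FLASH_ROOT="${FLASH_ROOT:-$HOME/Library/Preferences/Macromedia/Flash Player}"

# find_flash_site_files ROOT KEYWORD...
# Prints (relative to ROOT) every file whose path contains a keyword,
# case-insensitively. Prints nothing if ROOT does not exist.
find_flash_site_files() {
    root=$1; shift
    [ -d "$root" ] || return 0
    for kw in "$@"; do
        (cd "$root" && find . -type f -ipath "*$kw*")
    done | sort -u
}

# count_flash_site_files ROOT KEYWORD...
# Prints how many matching files exist (0 means nothing stored for the site).
count_flash_site_files() {
    find_flash_site_files "$@" | wc -l | tr -d ' '
}

# make_sample_tree DIR
# Builds a constructed, empty sample layout for trying the functions offline:
# a per-site settings directory plus shared-object directories for two sites.
make_sample_tree() {
    base=$1
    sys="$base/macromedia.com/support/flashplayer/sys"
    so="$base/#SharedObjects/ABCD1234"   # constructed random-looking folder name
    mkdir -p "$sys/#player.stickam.com" "$so/player.stickam.com" "$so/example.org"
    : > "$sys/#player.stickam.com/settings.sol"
    : > "$so/player.stickam.com/state.sol"
    : > "$so/example.org/prefs.sol"
}

# When called with keywords, search the current user's real Flash directory,
# e.g.:  sh flashcheck.sh stickam jfsc
if [ "$#" -gt 0 ]; then
    find_flash_site_files "$FLASH_ROOT" "$@"
fi
```

Running it from each OS X account in turn shows which account holds stored data for the site, independent of which browser was used.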
     
Moderator
Join Date: Dec 2000
Location: Polwaristan
Status: Offline
Feb 21, 2008, 08:52 PM
 
Thanks. That's good to know. One more place to clear.
     
zro
Mac Elite
Join Date: Nov 2003
Location: The back of the room
Status: Offline
Feb 21, 2008, 11:33 PM
 
Control click on some Flash content (Settings...) and see if disallowing sites to store information locally does any good.
     
Big Mac  (op)
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Mar 5, 2008, 12:38 AM
 
This thread showed up when searching for JFSC, and apparently as a result they changed where the cookie was stored. Pretty funny stuff.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
   