Problems with HOL 2 arghh! help please

[silkworm]

ever since you've updated i can't view any pictures.

i've tried in each browser and still the same result, i've included pics so you can see what i mean, in ie there are just crosses while firefox show nowt

i've disabled the firewall, and all add blocking in firefox etc and its still the same, it all worked perfectly before the update.

I havent noticed this problem on any other sites, i've tried everything, i just don't know what to do, can anyone help ????

bloody computer, its driving me mad
as usual i bet its only me who is having problems

[jmmijo]

It's working for me Silkworm, I use an IE clone called Maxthon and all the screenies show up just fine. I even viewed A-10 Tank Killer like your shots show

Have you tried clearing your Temp Internet Cache folders yet ?!?

[IFW]

It's because cookies and/or referrers are disabled. Enable them for hol's address.

[silkworm]

Quote:

Originally Posted by IFW

It's because cookies and/or referrers are disabled. Enable them for hol's address.

damn it, you're right, i thought i'd done the cookies thing, after all that it was the poxy cookies. God how i hate windows shite, and all this firewall, spywear blocking, browser hijacking crap, it aint like it used to be

anyway thanks for replying chaps.

btw the new HOL looks ace

[RCK]

yes, temp cookie are needed to maintain the HOL session.
Thanks for the quick response IFW

[andreas]

What's so essential about those temp cookies that they're so absolutely needed?
What functionality would be missed in HOL when there would be no temp cookies used at all?

[RCK]

no session cookies = no server session
no server session = no hol2

[derSammler]

I don't like cookies as well. Can't you just attach the session id to the url ?

[RCK]

permanent cookie are needed to save your user preferences.
temporary cookie are needed to save your session informations.
PHP will auto parse session ID in URL if your browser doesn't support temporary cookie.

[Mr Creosote]

Quote:

Originally Posted by RCK

PHP will auto parse session ID in URL if your browser doesn't support temporary cookie.

Don't know, but it doesn't for me. No session information is passed by URL, no images are shown.

[RCK]

I though PHP comportment was that, but it fact, it does not parse SID automatically by default.
Passing SID via URL is one security hole, I won't implement it.

Anyway, I have added a script on the homepage which will tell you is your current browser will work with HOL. If not, simply update to "yes" your per-session cookies parameters.

[andreas]

Quote:

Originally Posted by RCK

I though PHP comportment was that, but it fact, it does not parse SID automatically by default.
Passing SID via URL is one security hole, I won't implement it.

Security hole?
What mischief can be done with a mere *session* ID given by the URL?
I don't get that part.

[derSammler]

Someone could steal the admin session for example. But I don't think this is really a security hole. By default a session gets invalid after one hour, so it's rather safe.

[RCK]

Quote:

Originally Posted by andreas

Security hole?
What mischief can be done with a mere *session* ID given by the URL?
I don't get that part.

I will explain you this over IRC
Anyway I won't change from point of view

[andreas]

Your decision. But frankly, I find it very silly to insist on cookies so stubbornly if so many people have disabled them by default.
And if WindowsKiller - who himself was admin for a decently long period - affirms that it's *no* security hole and of mere marginal importance regarding security, you can safely believe him.
HOL does always have to be very special and thus always requires special treatment, eh?
Maybe overthink your viewpoint again.

My 2 cents.

Whilst I understand the security issues this is HOL2, not HSBC

[Codetapper]

Lots of sites will simply not work without cookies, so I don't understand the big deal. Who disables cookies?

All ASP sites maintain a session using cookies, so presumably if you disable cookies you cannot view any ASP site either.

[andreas]

Quote:

Originally Posted by RCK

I will explain you this over IRC

OK, RCK has now explained the reason why he does that and now I even understand why.

[RCK]

I will resume and conclude the situation:

We had too much leeching with the HOL1 engine.
So to have less bandwitch invoices to paid, I implemented a new protection system against leechers, based on sessions and other secret codez.
To make this working correctly without bringing the session ID into the URL (hackable), you have to use your per-session cookies browser feature.
The per-session cookies are NOT regular cookies, they will just store some temporary informations during the time you are using the website. Those kind of cookies are even stored in ram and/or deleted once your browser is closed.

note: If your browser doesn't allow per-session cookies, you will see a warning on the HOL2 homepage.

Thread closed