gj13100 Posted August 3, 2017 Report Posted August 3, 2017 Hie there, I am facing problem of expiration of cookies and session id after 2 days when I used Mobile authentication steam account into my bot and after expiration i have to manually input the 2 factor code into my bot in order to get cookies and session id again . I am using this PHP script (https://github.com/SzymonLisowiec/php-steamlogin) because i am developing this website in PHP WordPress(hope that doesn't create any problem to answer you). I want to know that is this node library will solve this problem of cookies and session id ????? What i need is , bot will login with my steam account (merchant account) and automatically generate authcode , input it automatically and get cookies and session id. Also update those cookies and session id if they expire.. could i achieve this using your library ???? Any help will be appreciated. Thank you Quote
Dr. McKay Posted August 3, 2017 Report Posted August 3, 2017 This may help you: https://dev.doctormckay.com/topic/365-cookies/ Quote
gj13100 Posted August 4, 2017 Author Report Posted August 4, 2017 I am developing steam website for the first time. My development language is PHP . I have read this topic , I have done as exact as defined there. I am saving cookies and session id into database and using those to send tradeoffer. I am not using any script / library to send tradeoffer . Simply using curl to send tradeoffer and after 2 days this cookies don't work. this is my code to send tradeoffer. function makeOffer($sessionId, $cookies, $partner, $message = '', $token, $assetid_them, $steam_id) {$type = 'POST';$url = 'https://steamcommunity.com/tradeoffer/new/send';$data= array ('sessionid' => $sessionId,'serverid' => '1','partner' => $steam_id,'tradeoffermessage' => $message,'trade_offer_create_params' => '{"trade_offer_access_token": "'.$token.'"}','json_tradeoffer' => '{"newversion":true,"version":2,"me":{"assets":[],"currency":[],"ready":false},"them":{"assets":['.$assetid_them.'],"currency":[],"ready":false}}');$c = curl_init();curl_setopt($c, CURLOPT_HEADER, false);curl_setopt($c, CURLOPT_NOBODY, false);curl_setopt($c, CURLOPT_URL, $url);curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);curl_setopt($c, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)");curl_setopt($c, CURLOPT_COOKIE, $cookies);curl_setopt($c, CURLOPT_POST, 1);curl_setopt($c, CURLOPT_POSTFIELDS, http_build_query($data));curl_setopt($c, CURLOPT_RETURNTRANSFER, true);curl_setopt($c, CURLOPT_HTTPHEADER, array('Referer: https://steamcommunity.com/tradeoffer/new/?partner='.$partner.'&token='.$token));curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($c, CURLOPT_CUSTOMREQUEST, strtoupper($type));$return = curl_exec($c);curl_close($c);return $return;} I am stuck at this moment If you could help me with some stuff or any suggestion , deeply appreciated. Thank you Quote
drizz Posted August 4, 2017 Report Posted August 4, 2017 I am not sure if I am missing something here, but why don't you just relog to get new cookies + sessionid when they expire? Quote
gj13100 Posted August 8, 2017 Author Report Posted August 8, 2017 I can relog to get new cookies and session id but only manually I have to get the code from mobile device and input it into my bot. That can't happen , i want it automated , I can't place a person who manually login into bot after every 2 days, I have developed a CSGO skins selling and buying website, but now stucked into the expiration of cookies :-| Quote
Axle Posted August 8, 2017 Report Posted August 8, 2017 I can relog to get new cookies and session id but only manually I have to get the code from mobile device and input it into my bot. That can't happen , i want it automated , I can't place a person who manually login into bot after every 2 days, I have developed a CSGO skins selling and buying website, but now stucked into the expiration of cookies :-|If you know the shared_secret you can automatically generate it using mcKay's steam-totp library. I would assume you already have this because you need identity_secret to accept confirmations automatically for trade offers. Quote
gj13100 Posted August 9, 2017 Author Report Posted August 9, 2017 (edited) I don't know any thing about " shared_secret " , It would be great if you could provide a little more info about shared_secret For now I have installed the SteamDesktopAuthenticator application and able to generate the authcode automatically , but i don't know how could i get this authcode into my bot automatically ??(I think this is important you to know that i am developing this website in php). And I don't need to accept tradeoffers automatically , because I am sending tradeoffer to users and they will accept and automatically users skins exchanged as gift, right ????? so I also don't have any idea about " identity_secret " I you have any suggestions please give , it will worth a lot for me. Edited August 9, 2017 by gj13100 Quote
gj13100 Posted August 9, 2017 Author Report Posted August 9, 2017 (edited) I don't know any thing about " shared_secret " , It would be great if you could provide a little more info about shared_secret For now I have installed the SteamDesktopAuthenticator application and able to generate the authcode automatically , but i don't know how could i get this authcode into my bot automatically ??(I think this is important you to know that i am developing this website in php). And I don't need to accept tradeoffers automatically , because I am sending tradeoffer to users and they will accept and automatically users skins exchanged as gift, right ????? so I also don't have any idea about " identity_secret " I you have any suggestions please give , it will worth a lot for me. I got some info and how to get the shared_secret (https://github.com/DoctorMcKay/node-steam-user#enabletwofactorcallback). But this a node library , I am developing it into php. I also got the php library to generate 2FA code using https://github.com/DoctorMcKay/php-steam-totp (thanks to your reply). The only thing is , how do i get this shared_secret key in php and is this only for one time, I mean first time generated shared_secret will work for long time?? or this would also expire some day ??? In your desktop application >> manifiest.json file contain a json parameter called " encryption_iv " is this a shared_secret key ??? Sorry for this much questions but i am newbiee to this. Edited August 9, 2017 by gj13100 Quote
Axle Posted August 9, 2017 Report Posted August 9, 2017 I got some info and how to get the shared_secret (https://github.com/DoctorMcKay/node-steam-user#enabletwofactorcallback). But this a node library , I am developing it into php. I also got the php library to generate 2FA code using https://github.com/DoctorMcKay/php-steam-totp (thanks to your reply). The only thing is , how do i get this shared_secret key in php and is this only for one time, I mean first time generated shared_secret will work for long time?? or this would also expire some day ??? In your desktop application >> manifiest.json file contain a json parameter called " encryption_iv " is this a shared_secret key ??? Sorry for this much questions but i am newbiee to this. Shared_secret never changes unless you reset the mobile device for steam as far as I can tell. I've had the same identity_secret and shared_secret since I extracted them from when it was introduced. I don't use the Desktop authenticator, but apparently this is how you extract them: https://github.com/Jessecar96/SteamDesktopAuthenticator/issues/141 Shared_secret is the seed on your account used for generating login codes. Identity_secret is used for handling confirmations (when you send or a receive a tradeoffer that includes any of your items and you want to accept/send, you normally need to confirm on your mobile). Quote
gj13100 Posted August 10, 2017 Author Report Posted August 10, 2017 Shared_secret never changes unless you reset the mobile device for steam as far as I can tell. I've had the same identity_secret and shared_secret since I extracted them from when it was introduced. I don't use the Desktop authenticator, but apparently this is how you extract them: https://github.com/Jessecar96/SteamDesktopAuthenticator/issues/141 Shared_secret is the seed on your account used for generating login codes. Identity_secret is used for handling confirmations (when you send or a receive a tradeoffer that includes any of your items and you want to accept/send, you normally need to confirm on your mobile).Thanks for your reply , means a lot to me. Now i got the authcode and i can run my bot automatically. :-) Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.