Jump to content


Photo

Cookies and session expiration


  • Please log in to reply
9 replies to this topic

#1 gj13100

gj13100

    Newbie

  • Member
  • Pip
  • 7 posts

Posted 03 August 2017 - 12:42 AM

Hie there,

 

 

I am facing problem of expiration of cookies and session id after 2 days  when I used Mobile authentication steam account into my bot and after expiration i have to manually input the 2 factor code into my bot in order to get cookies and session id again . I am using this PHP script (https://github.com/S.../php-steamlogin) because i am developing this website in PHP WordPress(hope that doesn't create any problem to answer you). 

 

I want to know that is this node library will solve this problem of cookies and session id ?????

 

What i need is , bot will login with my steam account (merchant account) and automatically generate authcode , input it automatically and get cookies and session id. Also update those cookies and session id if they expire..

 

 

could i achieve this using your library ????

 

 

 

Any help will be appreciated. 

 

Thank you 



#2 Dr. McKay

Dr. McKay

    Developer

  • Administrator
  • 1,282 posts

Posted 03 August 2017 - 03:49 PM

This may help you: https://dev.doctormc...ic/365-cookies/



#3 gj13100

gj13100

    Newbie

  • Member
  • Pip
  • 7 posts

Posted 04 August 2017 - 02:33 AM

I am developing steam website for the first time. My development language is PHP .
 
I have read this topic , I have done as exact as defined there.
 
I am saving cookies and session id into database and using those to send tradeoffer. I am not using any script / library to send tradeoffer . Simply using curl to send tradeoffer and after 2 days this cookies don't work. 
 
this is my code to send tradeoffer.

 

function makeOffer($sessionId, $cookies, $partner, $message = '', $token, $assetid_them, $steam_id) {

$type = 'POST';
$url = 'https://steamcommuni...ffer/new/send';
$data= array (
'sessionid' => $sessionId,
'serverid' => '1',
'partner' => $steam_id,
'tradeoffermessage' => $message,
'trade_offer_create_params' => '{"trade_offer_access_token": "'.$token.'"}',
'json_tradeoffer' => '{"newversion":true,"version":2,"me":{"assets":[],"currency":[],"ready":false},"them":{"assets":['.$assetid_them.'],"currency":[],"ready":false}}'
);


$c = curl_init();
curl_setopt($c, CURLOPT_HEADER, false);
curl_setopt($c, CURLOPT_NOBODY, false);
curl_setopt($c, CURLOPT_URL, $url);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($c, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)");
curl_setopt($c, CURLOPT_COOKIE, $cookies);
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLOPT_HTTPHEADER, array('Referer: https://steamcommuni...ken='.$token));
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($c, CURLOPT_CUSTOMREQUEST, strtoupper($type));
$return = curl_exec($c);
curl_close($c);


return $return;

}

 

 

I am stuck at this moment If you could help me with some stuff or any suggestion , deeply appreciated. 

 

Thank you 



#4 drizz

drizz

    Newbie

  • Member
  • Pip
  • 5 posts

Posted 04 August 2017 - 01:17 PM

I am not sure if I am missing something here, but why don't you just relog to get new cookies + sessionid when they expire?



#5 gj13100

gj13100

    Newbie

  • Member
  • Pip
  • 7 posts

Posted 08 August 2017 - 08:28 AM

I can relog to get new cookies and session id but only manually I have to get the code from mobile device and input it into my bot.

 

That can't happen , i want it automated , I can't place a person who manually login into bot after every 2 days, I have developed a CSGO skins selling and buying website, but now stucked into the expiration of cookies :-|



#6 Axle

Axle

    Newbie

  • Member
  • Pip
  • 4 posts

Posted 08 August 2017 - 04:52 PM

I can relog to get new cookies and session id but only manually I have to get the code from mobile device and input it into my bot.

 

That can't happen , i want it automated , I can't place a person who manually login into bot after every 2 days, I have developed a CSGO skins selling and buying website, but now stucked into the expiration of cookies :-|

If you know the shared_secret you can automatically generate it using mcKay's steam-totp library. I would assume you already have this because you need identity_secret to accept confirmations automatically for trade offers.



#7 gj13100

gj13100

    Newbie

  • Member
  • Pip
  • 7 posts

Posted 09 August 2017 - 06:34 AM

I don't know any thing about " shared_secret " -_-  , It would be great if you could provide a little more info about shared_secret 

For now I have installed the SteamDesktopAuthenticator application and able to generate the authcode automatically , but i don't know how could i get this authcode into my bot automatically ??(I think this is important you to know that i am developing this website in php).

 

And I don't need to accept tradeoffers automatically , because I am sending tradeoffer to users and they will accept and automatically users skins exchanged as gift, right ?????

 

so I also don't have any idea about " identity_secret  "   :(

 

I you have any suggestions please give , it will worth a lot for me.  :)


Edited by gj13100, 09 August 2017 - 06:36 AM.


#8 gj13100

gj13100

    Newbie

  • Member
  • Pip
  • 7 posts

Posted 09 August 2017 - 07:28 AM

I don't know any thing about " shared_secret " -_-  , It would be great if you could provide a little more info about shared_secret 

For now I have installed the SteamDesktopAuthenticator application and able to generate the authcode automatically , but i don't know how could i get this authcode into my bot automatically ??(I think this is important you to know that i am developing this website in php).

 

And I don't need to accept tradeoffers automatically , because I am sending tradeoffer to users and they will accept and automatically users skins exchanged as gift, right ?????

 

so I also don't have any idea about " identity_secret  "   :(

 

I you have any suggestions please give , it will worth a lot for me.  :)

I got some info and how to get the shared_secret (https://github.com/D...ofactorcallback). But this a node library , I am developing it into php. I also got the php library  to generate 2FA code using https://github.com/DoctorMcKay/php-steam-totp (thanks to your reply). The only thing is , how do i get this shared_secret key in php and is this only for one time, I mean first time generated shared_secret will work for long time?? or this would also expire some day ???

 

In your desktop application >> manifiest.json file contain a json parameter called " encryption_iv " is this a shared_secret key ???

 

Sorry for this much questions but i am newbiee to this.  :unsure:


Edited by gj13100, 09 August 2017 - 07:43 AM.


#9 Axle

Axle

    Newbie

  • Member
  • Pip
  • 4 posts

Posted 09 August 2017 - 10:59 AM

I got some info and how to get the shared_secret (https://github.com/D...ofactorcallback). But this a node library , I am developing it into php. I also got the php library  to generate 2FA code using https://github.com/DoctorMcKay/php-steam-totp (thanks to your reply). The only thing is , how do i get this shared_secret key in php and is this only for one time, I mean first time generated shared_secret will work for long time?? or this would also expire some day ???

 

In your desktop application >> manifiest.json file contain a json parameter called " encryption_iv " is this a shared_secret key ???

 

Sorry for this much questions but i am newbiee to this.  :unsure:

Shared_secret never changes unless you reset the mobile device for steam as far as I can tell. I've had the same identity_secret and shared_secret since I extracted them from when it was introduced. I don't use the Desktop authenticator, but apparently this is how you extract them: https://github.com/J...tor/issues/141 

 

Shared_secret is the seed on your account used for generating login codes. Identity_secret is used for handling confirmations (when you send or a receive a tradeoffer that includes any of your items and you want to accept/send, you normally need to confirm on your mobile).



#10 gj13100

gj13100

    Newbie

  • Member
  • Pip
  • 7 posts

Posted 10 August 2017 - 01:42 AM

Shared_secret never changes unless you reset the mobile device for steam as far as I can tell. I've had the same identity_secret and shared_secret since I extracted them from when it was introduced. I don't use the Desktop authenticator, but apparently this is how you extract them: https://github.com/J...tor/issues/141 

 

Shared_secret is the seed on your account used for generating login codes. Identity_secret is used for handling confirmations (when you send or a receive a tradeoffer that includes any of your items and you want to accept/send, you normally need to confirm on your mobile).

Thanks for your reply , means a lot to me. Now i got the authcode and i can run my bot automatically. :-)






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users