gj13100 Posted August 3, 2017 Report Share Posted August 3, 2017 Hie there, I am facing problem of expiration of cookies and session id after 2 days when I used Mobile authentication steam account into my bot and after expiration i have to manually input the 2 factor code into my bot in order to get cookies and session id again . I am using this PHP script (https://github.com/SzymonLisowiec/php-steamlogin) because i am developing this website in PHP WordPress(hope that doesn't create any problem to answer you). I want to know that is this node library will solve this problem of cookies and session id ????? What i need is , bot will login with my steam account (merchant account) and automatically generate authcode , input it automatically and get cookies and session id. Also update those cookies and session id if they expire.. could i achieve this using your library ???? Any help will be appreciated. Thank you Quote Link to comment Share on other sites More sharing options...
Dr. McKay Posted August 3, 2017 Report Share Posted August 3, 2017 This may help you: https://dev.doctormckay.com/topic/365-cookies/ Quote Link to comment Share on other sites More sharing options...
gj13100 Posted August 4, 2017 Author Report Share Posted August 4, 2017 I am developing steam website for the first time. My development language is PHP . I have read this topic , I have done as exact as defined there. I am saving cookies and session id into database and using those to send tradeoffer. I am not using any script / library to send tradeoffer . Simply using curl to send tradeoffer and after 2 days this cookies don't work. this is my code to send tradeoffer. function makeOffer($sessionId, $cookies, $partner, $message = '', $token, $assetid_them, $steam_id) {$type = 'POST';$url = 'https://steamcommunity.com/tradeoffer/new/send';$data= array ('sessionid' => $sessionId,'serverid' => '1','partner' => $steam_id,'tradeoffermessage' => $message,'trade_offer_create_params' => '{"trade_offer_access_token": "'.$token.'"}','json_tradeoffer' => '{"newversion":true,"version":2,"me":{"assets":[],"currency":[],"ready":false},"them":{"assets":['.$assetid_them.'],"currency":[],"ready":false}}');$c = curl_init();curl_setopt($c, CURLOPT_HEADER, false);curl_setopt($c, CURLOPT_NOBODY, false);curl_setopt($c, CURLOPT_URL, $url);curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 0);curl_setopt($c, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)");curl_setopt($c, CURLOPT_COOKIE, $cookies);curl_setopt($c, CURLOPT_POST, 1);curl_setopt($c, CURLOPT_POSTFIELDS, http_build_query($data));curl_setopt($c, CURLOPT_RETURNTRANSFER, true);curl_setopt($c, CURLOPT_HTTPHEADER, array('Referer: https://steamcommunity.com/tradeoffer/new/?partner='.$partner.'&token='.$token));curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($c, CURLOPT_CUSTOMREQUEST, strtoupper($type));$return = curl_exec($c);curl_close($c);return $return;} I am stuck at this moment If you could help me with some stuff or any suggestion , deeply appreciated. Thank you Quote Link to comment Share on other sites More sharing options...
drizz Posted August 4, 2017 Report Share Posted August 4, 2017 I am not sure if I am missing something here, but why don't you just relog to get new cookies + sessionid when they expire? Quote Link to comment Share on other sites More sharing options...
gj13100 Posted August 8, 2017 Author Report Share Posted August 8, 2017 I can relog to get new cookies and session id but only manually I have to get the code from mobile device and input it into my bot. That can't happen , i want it automated , I can't place a person who manually login into bot after every 2 days, I have developed a CSGO skins selling and buying website, but now stucked into the expiration of cookies :-| Quote Link to comment Share on other sites More sharing options...
Axle Posted August 8, 2017 Report Share Posted August 8, 2017 I can relog to get new cookies and session id but only manually I have to get the code from mobile device and input it into my bot. That can't happen , i want it automated , I can't place a person who manually login into bot after every 2 days, I have developed a CSGO skins selling and buying website, but now stucked into the expiration of cookies :-|If you know the shared_secret you can automatically generate it using mcKay's steam-totp library. I would assume you already have this because you need identity_secret to accept confirmations automatically for trade offers. Quote Link to comment Share on other sites More sharing options...
gj13100 Posted August 9, 2017 Author Report Share Posted August 9, 2017 (edited) I don't know any thing about " shared_secret " , It would be great if you could provide a little more info about shared_secret For now I have installed the SteamDesktopAuthenticator application and able to generate the authcode automatically , but i don't know how could i get this authcode into my bot automatically ??(I think this is important you to know that i am developing this website in php). And I don't need to accept tradeoffers automatically , because I am sending tradeoffer to users and they will accept and automatically users skins exchanged as gift, right ????? so I also don't have any idea about " identity_secret " I you have any suggestions please give , it will worth a lot for me. Edited August 9, 2017 by gj13100 Quote Link to comment Share on other sites More sharing options...
gj13100 Posted August 9, 2017 Author Report Share Posted August 9, 2017 (edited) I don't know any thing about " shared_secret " , It would be great if you could provide a little more info about shared_secret For now I have installed the SteamDesktopAuthenticator application and able to generate the authcode automatically , but i don't know how could i get this authcode into my bot automatically ??(I think this is important you to know that i am developing this website in php). And I don't need to accept tradeoffers automatically , because I am sending tradeoffer to users and they will accept and automatically users skins exchanged as gift, right ????? so I also don't have any idea about " identity_secret " I you have any suggestions please give , it will worth a lot for me. I got some info and how to get the shared_secret (https://github.com/DoctorMcKay/node-steam-user#enabletwofactorcallback). But this a node library , I am developing it into php. I also got the php library to generate 2FA code using https://github.com/DoctorMcKay/php-steam-totp (thanks to your reply). The only thing is , how do i get this shared_secret key in php and is this only for one time, I mean first time generated shared_secret will work for long time?? or this would also expire some day ??? In your desktop application >> manifiest.json file contain a json parameter called " encryption_iv " is this a shared_secret key ??? Sorry for this much questions but i am newbiee to this. Edited August 9, 2017 by gj13100 Quote Link to comment Share on other sites More sharing options...
Axle Posted August 9, 2017 Report Share Posted August 9, 2017 I got some info and how to get the shared_secret (https://github.com/DoctorMcKay/node-steam-user#enabletwofactorcallback). But this a node library , I am developing it into php. I also got the php library to generate 2FA code using https://github.com/DoctorMcKay/php-steam-totp (thanks to your reply). The only thing is , how do i get this shared_secret key in php and is this only for one time, I mean first time generated shared_secret will work for long time?? or this would also expire some day ??? In your desktop application >> manifiest.json file contain a json parameter called " encryption_iv " is this a shared_secret key ??? Sorry for this much questions but i am newbiee to this. Shared_secret never changes unless you reset the mobile device for steam as far as I can tell. I've had the same identity_secret and shared_secret since I extracted them from when it was introduced. I don't use the Desktop authenticator, but apparently this is how you extract them: https://github.com/Jessecar96/SteamDesktopAuthenticator/issues/141 Shared_secret is the seed on your account used for generating login codes. Identity_secret is used for handling confirmations (when you send or a receive a tradeoffer that includes any of your items and you want to accept/send, you normally need to confirm on your mobile). Quote Link to comment Share on other sites More sharing options...
gj13100 Posted August 10, 2017 Author Report Share Posted August 10, 2017 Shared_secret never changes unless you reset the mobile device for steam as far as I can tell. I've had the same identity_secret and shared_secret since I extracted them from when it was introduced. I don't use the Desktop authenticator, but apparently this is how you extract them: https://github.com/Jessecar96/SteamDesktopAuthenticator/issues/141 Shared_secret is the seed on your account used for generating login codes. Identity_secret is used for handling confirmations (when you send or a receive a tradeoffer that includes any of your items and you want to accept/send, you normally need to confirm on your mobile).Thanks for your reply , means a lot to me. Now i got the authcode and i can run my bot automatically. :-) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.