Steam updated their login flow

[gud]

Steam has updated their login flow, and now it seems logging in doesn't work as intended. When using "community.login" and using the session id and cookies given by that to send a httpRequestPost now throws an error.

 

Steam returns: You must be logged in to perform that action.

 

Is there any fix for this?

[Dr. McKay]

This is a known issue, see: https://github.com/DoctorMcKay/node-steamcommunity/issues/321

community.login isn't going to work until I can finish the v4 rewrite. Until then, you can either use steam-session or steam-user to get login cookies for use with steamcommunity.

[Terry]

Sir, looks like the domain checkout.steampowered.com cannot use the steamLoginSecure cookie for a long time since yesterday's update. Is there any way to keep the login status for this domain?

[gud]

2 hours ago, Dr. McKay said:

This is a known issue, see: https://github.com/DoctorMcKay/node-steamcommunity/issues/321

community.login isn't going to work until I can finish the v4 rewrite. Until then, you can either use steam-session or steam-user to get login cookies for use with steamcommunity.

I tried using steam-user and httpRequestPost still returns the same error as before?

I'm using the cookies and session id from steam-user in the headers I am passing

 

                        const user = new SteamUser({
                            httpProxy: proxyString
                        });

			user.logOn({
                            accountName: String(logOnOptions.accountName),
                            password: String(logOnOptions.password)
                        });

			user.on('loggedOn', function() {
                        	user.on('webSession', (sessionID, cookies) => {
                            		community.httpRequestPost('https://steamcommunity.com/actions/ReportAbuse/', {
                                    		form: { sessionid: sessionID, json: 1, abuseID: steam_id, eAbuseType: 14, abuseDescription: 					hijackQuotes[randomIndex], ingameAppID: '' },
                                    		headers: { Cookie: cookies, Host: 'steamcommunity.com', Origin: 'https://steamcommunity.com' },
                                    		json: true
                                }, (err, response, body) => {
                                   //Here body returns: You must be logged in to perform that action
                                   //And err returns "HTTP error 401"
                                }, "steamcommunity");
                            });
                        });

 

Edited October 20, 2023 by gud

[Dr. McKay]

3 hours ago, Terry said:

Sir, looks like the domain checkout.steampowered.com cannot use the steamLoginSecure cookie for a long time since yesterday's update. Is there any way to keep the login status for this domain?

Works fine for me.

1 hour ago, gud said:

I tried using steam-user and httpRequestPost still returns the same error as before?

I'm using the cookies and session id from steam-user in the headers I am passing

 

                        const user = new SteamUser({
                            httpProxy: proxyString
                        });

			user.logOn({
                            accountName: String(logOnOptions.accountName),
                            password: String(logOnOptions.password)
                        });

			user.on('loggedOn', function() {
                        	user.on('webSession', (sessionID, cookies) => {
                            		community.httpRequestPost('https://steamcommunity.com/actions/ReportAbuse/', {
                                    		form: { sessionid: sessionID, json: 1, abuseID: steam_id, eAbuseType: 14, abuseDescription: 					hijackQuotes[randomIndex], ingameAppID: '' },
                                    		headers: { Cookie: cookies, Host: 'steamcommunity.com', Origin: 'https://steamcommunity.com' },
                                    		json: true
                                }, (err, response, body) => {
                                   //Here body returns: You must be logged in to perform that action
                                   //And err returns "HTTP error 401"
                                }, "steamcommunity");
                            });
                        });

 

Why are you doing all that and not just calling community.setCookies()?

[Terry]

 

I tried to use cookie login method (maybe 2 days ago logged in) to login .

A

then I tried below code. Event 'loggedOn' tried succes , but event 'webSession' cannot be emitted. any ideas?

[Dr. McKay]

npm update

[Terry]

It doesn't work to get the refreshed cookie steamLoginSecure for checkout.steampowered.com .  If logged in by username , password and sharedsecret. it works.

But it worked for both methods 2 days ago. 

Env

node v20.8.1,  npm 10.1.0

[gud]

On 10/20/2023 at 6:56 AM, Dr. McKay said:

Works fine for me.

Why are you doing all that and not just calling community.setCookies()?

Yea, I tried using setCookies but it made no differance

Versions im using from NPM:

steam-user 5.0.1

steamcommunity 3.47.0

Node: v16.20.0

NPM: 8.19.4

Edited October 21, 2023 by gud

[Dr. McKay]

19 hours ago, Terry said:

It doesn't work to get the refreshed cookie steamLoginSecure for checkout.steampowered.com .  If logged in by username , password and sharedsecret. it works.

But it worked for both methods 2 days ago. 

Env

node v20.8.1,  npm 10.1.0

Works fine for me.

17 hours ago, gud said:

...

I'm not going to provide support for automated abuse reporting.

[gud]

6 hours ago, Dr. McKay said:

Works fine for me.

I'm not going to provide support for automated abuse reporting.

We ban cheaters that have bought accounts

[Dr. McKay]

Don't care.