Replies: 3 comments
-
Logging in general is something I've been thinking about as well, we could do a lot there that could be useful. However, the problem with logging IPs and MACs is that by my understanding it's illegal in some countries, like Germany, so in my opinion we should make that optional. And if it's optional, we can't make banning and double login checks depend on it. For double login I would propose a simple bool on the account and/or character table, so we can easily query who is logged in with which character. Since we save characters even on abnormal connection terminations, we should always be able to unset it, unless the server is killed. That information can also easily be used by control panels and the like. (Btw, what happens if you try to double login on ToS? In Mabi there was a prompt like "You're logged in already, request logout?") For banning I think we should ban just the account by default, but with an option to ban MACs and IPs. Although, truth be told, banning either one is pretty useless. In parts of the world, again, like Germany, you rarely even see static IPs, and MACs can easily be changed anyway, so if you're banned you're a router restart, a regedit, and a registration away from playing again. Even with static IPs there are proxies. Banning people for good in a F2P game is really hard. The downside you've mentioned is another reason to make it optional and come up with different solutions to allow for the functionality without it I think. |
Beta Was this translation helpful? Give feedback.
-
This is something I had been thinking about for awhile. The reason I had not done anything yet was because the database must be representative of reality. Most of all the existing queries make use of transactions such that if anything interrupts the process of persistence, the account and data is left in a state that preserves integrity. However, this doesn't apply for the problem we are discussing here. If an exception happens, database fails to update, or the server is incorrectly shutdown, a player could be locked out without manual intervention. One solution could be to reset all of the "logged in" bools on an account table when the server starts up I suppose. |
Beta Was this translation helpful? Give feedback.
-
You are right, the login state update needs to be a separate call/query. On login: A problem is if the server is killed without properly saving the characters. That's why I asked how officials handle that. On Mabinogi, when the server thinks you're online already for some reason, you get a prompt upon login, saying something along the lines of "You're logged in already, request logout?", which then kills your previous session and lets you login. This may also happen if the server just has a hickup, or wasn't shut down properly, and nobody is actually online with that account. Thinking about it, I guess it would be very rare for someone not to click "Yes" on that prompt. You have control over the account, you want to play, so you won't go "Oh, I'm logged in already? K, gonna be back later." So, maybe it would be fine to just kill potential other sessions? Preventing double login by simply, potentially kicking someone else? |
Beta Was this translation helpful? Give feedback.
-
Perhaps we should create a table that keeps a record of login history for each user. Particularly, this is useful for the following reasons.
CZ_CONNECT
packet, we can store the hardware address and IP address of a user. That can be used for ban implementations in the future.Downsides:
Beta Was this translation helpful? Give feedback.
All reactions