Welcome Guest
Log In | Register )
You last visited December 7, 2016, 8:59 pm
All times shown are
Eastern Time (GMT-5:00)

Understanding log in / log off

Topic closed. 23 replies. Last post 9 years ago by Todd.

Page 1 of 2
52
PrintE-mailLink
Todd's avatar - Cylon 2.gif
Chief Bottle Washer
New Jersey
United States
Member #1
May 31, 2000
23267 Posts
Offline
Posted: August 1, 2007, 8:46 am - IP Logged

I think there is some confusion about the the log in / log off process at Lottery Post, and it may have something to do with a new security procedure.

The following is an explanation of how security works at Lottery Post.  By understanding how it all works, you should be able to use the security to your advantage, rather than being confused by it.

When you login to Lottery Post, behind the scenes it generates a "security token" and sends it to your PC. 

To imagine what a security token is, think of a combination lock -- the kind where you turn the knob right, then left, then right.

The security token is the combination to the lock (for example, "12 ... 32 ... 26" — but more much more complex in reality).

When you login, Lottery Post sends the security token [the combination to the lock] to your computer, and your computer stores it in a "cookie", which is nothing more than a small text file.

Every time you go to a new page, your computer is sending Lottery Post that security token [combination to the lock], and then Lottery Post checks to make sure the token is correct, and finally sends the page back to you if it's OK.

It USED to be that when you logged off, Lottery Post would simply make your computer forget the security token [combination] by deleting it from your cookie file.

The problem with the old approach is that all someone would have needed to do is to copy the cookie from your PC, and plug it in to their own web browser, and they would gain full access to your account as if you logged in on their PC.  That's because the security token [combination of the lock] would never change.

Using the combination lock scenario, it's like closing the lock, but not spinning the dial to mix up the internal tumblers.  If you close a combination lock without spinning the dial, most times you can just pull it back open again.

The NEW procedure adds additional security.  Every time you click Log Off, two things happen:

  1. The security token is erased from your cookie file (as it was before), and,
  2. Lottery Post generates a new security token [combination], so the next time you login, Lottery Post sends you a brand new security token, and any previous security tokens are useless.

The new procedures are working perfectly now, thanks to one last bug I fixed last night.  (The bug only happened in a small percentage of cases, but it was nasty nonetheless.)

However, the new security procedures do add one bit of confusion to those who use more than one PC.

The question, "Why do I have to keep logging in?" comes up fairly often.

Again, this only applies to those who use more than one PC.  (I personally fall into that category, so it affects me too.) 

The issue comes up in a scenario such as the following:

  1. A member logs in at home, and stays logged in when they leave for work.
  2. At work, the member logs in and uses Lottery Post just fine.
  3. Before going home, the member logs off at work.
  4. When the member goes home, they find their Lottery Post session logged off.

Why was the home PC logged off?

It logged off because when the member logged off at work, the Lottery Post server "turned the dial on the combination lock".  It create a new security token for their username.

So when the person went home, their PC at home has the OLD security token, which of course is not valid anymore, so the member is essentially "logged off" as a result of their computer not knowing the new code.

When they login, their computer will be sent the new code.

For the member in the example above, the only way to avoid getting logged off at home would have been to stay logged in at work.  i.e., Don't click the Log Off link.

But for me, if I was the member above, I would definitely click the Log Off link and re-log in at home, because I personally prefer the security of knowing that someone cannot copy my cookie and use it to login someplace else.

Hopefully this explanation will help you understand what is happening, and why.  I tried to write it in a way that is non-technical.  Try not to get thrown off track when you see words like "cookie" and "token".  If these word throw you try imagining the concepts using real-world objects that you understand, like I did with the combination lock above.

 

Check the State Lottery Report Card
What grade did your lottery earn?

 

Sign the Petition for True Lottery Drawings
Help eliminate computerized drawings!

    KyMystikal's avatar - 1457224010054
    Florence, Alabama
    United States
    Member #8658
    November 13, 2004
    1993 Posts
    Offline
    Posted: August 1, 2007, 8:56 am - IP Logged

    Thanks for the explanation Todd. This all makes sense to me now. I do log on at several different locations on different pc's. I log off at work because I don't want anyone getting on my account at work.

    I love doubles and remember, it's just a game!!!!!!

      chippie's avatar - Lottery-064.jpg

      Bahamas
      Member #31284
      January 27, 2006
      8962 Posts
      Offline
      Posted: August 1, 2007, 9:35 am - IP Logged

      Thanks Todd,

      I log on to several computers in one given day.

        Ms5PennieGen's avatar - aeonflux
        Texas
        United States
        Member #5816
        July 23, 2004
        4355 Posts
        Offline
        Posted: August 1, 2007, 10:14 am - IP Logged

        Thank you Todd,during the day I sometimes log in at the center where I volunteer and log off before leaving. Now I know why I have to log back in at home even though I left it login. Thanks for the heads up.

        Your present situation is not your final destination!
        Good luck...5pennies Dance
          Fibonacci's avatar - Lottery-050.jpg
          New York, NY
          United States
          Member #39471
          May 16, 2006
          2696 Posts
          Offline
          Posted: August 1, 2007, 10:32 am - IP Logged

          Great explanation Todd. You are a good teacher. Your combination lock analogoes were perfect.

          $$$


            United States
            Member #9579
            December 12, 2004
            2121 Posts
            Offline
            Posted: August 1, 2007, 10:48 am - IP Logged

            thanks todd.that must be why i was getting gambling e mails advertisements from all over,that i had to delete.

              KyMystikal's avatar - 1457224010054
              Florence, Alabama
              United States
              Member #8658
              November 13, 2004
              1993 Posts
              Offline
              Posted: August 1, 2007, 10:52 am - IP Logged

              Oh also thanks for putting that line across seperating the text from the signature. I don't know how long ago you did it, but I just noticed it today.

              I love doubles and remember, it's just a game!!!!!!

                Blackie's avatar - Norfolk 20Sunrise%20Nov%2016.jpg
                Norfolk , Va
                United States
                Member #4541
                May 2, 2004
                25098 Posts
                Offline
                Posted: August 1, 2007, 12:23 pm - IP Logged

                Thanks Todd. This cookie wouldn't have had a name like Addynam....... would it? I'm asking because I scanned my computer (laptop) and was told that this cookie needed attention and I should have it deleted. I deleted it then I moved to the home computer and had to log in again although I had left both computers logged in before that.

                Thanks for the class in cookies and how it works!!

                 

                 Good Luck,

                Blackie.                           

                  Todd's avatar - Cylon 2.gif
                  Chief Bottle Washer
                  New Jersey
                  United States
                  Member #1
                  May 31, 2000
                  23267 Posts
                  Offline
                  Posted: August 1, 2007, 3:45 pm - IP Logged

                  thanks todd.that must be why i was getting gambling e mails advertisements from all over,that i had to delete.

                  Lottery Post doesn't have anything to do with gambling e-mails, so whatever problem you're having with them is unrelated to Lottery Post.

                   

                  Check the State Lottery Report Card
                  What grade did your lottery earn?

                   

                  Sign the Petition for True Lottery Drawings
                  Help eliminate computerized drawings!

                    Lkydeb*594's avatar - yummyxmascat
                    Luv Vtracs 8-)

                    United States
                    Member #38062
                    April 23, 2006
                    12582 Posts
                    Offline
                    Posted: August 1, 2007, 4:26 pm - IP Logged

                    thank u teacher, I love the security. 

                     

                      Todd's avatar - Cylon 2.gif
                      Chief Bottle Washer
                      New Jersey
                      United States
                      Member #1
                      May 31, 2000
                      23267 Posts
                      Offline
                      Posted: August 1, 2007, 5:16 pm - IP Logged

                      Thanks for the "good teaching" comments!  I don't think of myself as a particularly good teacher, so they are appreciated.

                       

                      Check the State Lottery Report Card
                      What grade did your lottery earn?

                       

                      Sign the Petition for True Lottery Drawings
                      Help eliminate computerized drawings!

                        reddog's avatar - patch
                        Greensboro, North Carolina
                        United States
                        Member #1616
                        June 5, 2003
                        1287 Posts
                        Offline
                        Posted: August 1, 2007, 5:37 pm - IP Logged

                        You know you got it bad if you are logging in to Lotterpost at work. Or,,,, too much time on your hands and not enough work.Roll Eyes


                          United States
                          Member #9579
                          December 12, 2004
                          2121 Posts
                          Offline
                          Posted: August 1, 2007, 7:40 pm - IP Logged

                          todd,you miss the gist.i mean people watching this post can get your addy,and send you e mail spam.i haven't been able to get lottery post all day.i usually buy 5-10 dollars a day of pik 3-4,but will not buy any until i can get lottery post state homepage again.

                            Ladee's avatar - Lottery-008.jpg
                            North Carolina
                            United States
                            Member #52091
                            May 10, 2007
                            1366 Posts
                            Offline
                            Posted: August 2, 2007, 9:20 am - IP Logged

                            Hi Todd,

                            I attempted to login in last nite and received the message that there was an error in /: application, checked to make sure it was something wrong with my system and then i did a traceroute using the ip address to the site....went thru several routers and failed.....i gave up....this morning i tried to logon  and received a warning that stated security website certificate not valid and it was recommended that i not login.....do you know what this means....i decided to ignore it and signed on anyway because it was the only way for me to get on and post to you....please advise....leaving for work and will check this evening....Thanks Ladee NCSmile


                              United States
                              Member #9579
                              December 12, 2004
                              2121 Posts
                              Offline
                              Posted: August 2, 2007, 10:26 am - IP Logged

                              todd,mine is working fine now,cool.