wynd's profile wynd's wall (single view)
nebulous's avatar @nebulous

Wait so how do accounts work if there is no password

Glad you asked! Each account has a different “session” that is saved in your local browser data, along with the username. When you enter the website, the API checks if your username matches with your session. You cannot actually see that session because the only time your browser will actually receive it is when you sign up, so that it can be saved in your local browser data.

wynd's avatar @wynd

So I can’t sign on from anything but the built in discord browser now?

nebulous's avatar @nebulous

what

wynd's avatar @wynd

Am I only able to sign on with the device+browser I made the account with?

nebulous's avatar @nebulous

well, yes, but i am planning to create a token feature where you can generate a key for your account that you can use to log in from other devices

wynd's avatar @wynd

Ok that’s good

tnix's avatar @tnix

Uhh, that sounds bad. Accounts could very easily be lost and it sounds like there’s one token that can be used, meaning if the token is stolen that person has full access over their account. I would recommend just using normal accounts and also having a token pair, one for accessing the site that expires after a short amount of time and one that refreshes the session with a different token, also detect token re-use and all of that.

wynd's avatar @wynd

This was a conversation about a website that doesn’t seem to exist anymore

tnix's avatar @tnix

Were you talking about Bundle or some other site?

wynd's avatar @wynd

riverbox, it was like bundle but before

nebulous's avatar @nebulous

i legit have no idea about what i was talking about here. Your password and username were saved in localStorage and that was basically the entire auth system. Bundle uses a better system now

View all comments