Issues in Login Process and Cookie Management Between Versions 3.567 and 3.617

Support / help / discussion forum for twitter bot
hhk
Posts: 11
Joined: Mon Feb 26, 2024 1:18 am


Post by hhk »

During the review of DM transmission logs, we identified several issues with the login process and cookie management when comparing dub version 3.617 and dub version 3.567. The specific issues are outlined below.

Cookie Usage:
ver3.567: A cookie named "global trust cookies" is used in each operation, presumably aiding in session management and maintaining authentication information.
ver3.617: The same "global trust cookies" are used, but frequent errors stating "UserID not stored" indicate that the cookies are not being utilized correctly, or specific user IDs are not being saved within the cookies.

Login and Session Establishment:
ver3.567: No clear issues related to login or session establishment are noted in the logs.
ver3.617: Errors such as "Couldn't set CSFR" and "FAILED: Couldn't get ct0 cookies to set x-csrf" are present, indicating that Cross-Site Request Forgery (CSRF) tokens are not being correctly set.

Handling of Authentication Tokens (auth_token) and CSRF Tokens (ct0):
ver3.617: Issues regarding authentication tokens and CSRF tokens are specifically mentioned, particularly the failure to acquire the ct0 token. This implies that necessary security tokens for authentication and other operations are not being set, suggesting that operations needed to maintain logins and sessions are not being performed correctly.

Comparison of Account Locks:
ver3.567: Notably fewer account locks are reported, suggesting there may be an issue in this area.
We hope this information aids in resolving the problems.
hhk
Posts: 11
Joined: Mon Feb 26, 2024 1:18 am


Post by hhk »

Here is the information on the issue discussed:
Summary
・Problem Overview: [Request for modification regarding the issue of accounts being frozen after being unlocked]
Detailed Issue
・Conditions of Occurrence: [Using capsolver to unlock on Twitter dub results in the account being frozen immediately after operation.]
・Reproduction Steps:
1. [Run "Verify login web" for the target account]
2. [Open the target account in "Open Acc in session Browser" and manually follow a few accounts.]
3. [Following about 10 accounts leads to account suspension.]
・Expected Behavior: [To be able to follow more than 10 accounts without getting suspended.]
・Actual Behavior: [Gets suspended before reaching 10 follows.]

Suggested Modification
・Specific Modification Proposal: [It is necessary to explicitly specify the 'blob parameter' to obtain high-quality unlock tokens. This ensures that API users correctly use the parameter, allowing for safer account unlocks. This method has been tested.]
martin@rootjazz
Site Admin
Posts: 34929
Joined: Fri Jan 25, 2013 10:06 pm
Location: The Funk

Post by martin@rootjazz »

hhk wrote: Fri May 10, 2024 8:53 am
During the review of DM transmission logs, we identified several issues with the login process and cookie management when comparing dub version 3.617 and dub version 3.567. The specific issues are outlined below.

Cookie Usage:
ver3.567: A cookie named "global trust cookies" is used in each operation, presumably aiding in session management and maintaining authentication information.
ver3.617: The same "global trust cookies" are used, but frequent errors stating "UserID not stored" indicate that the cookies are not being utilized correctly, or specific user IDs are not being saved within the cookies.

Login and Session Establishment:
ver3.567: No clear issues related to login or session establishment are noted in the logs.
ver3.617: Errors such as "Couldn't set CSFR" and "FAILED: Couldn't get ct0 cookies to set x-csrf" are present, indicating that Cross-Site Request Forgery (CSRF) tokens are not being correctly set.

Handling of Authentication Tokens (auth_token) and CSRF Tokens (ct0):
ver3.617: Issues regarding authentication tokens and CSRF tokens are specifically mentioned, particularly the failure to acquire the ct0 token. This implies that necessary security tokens for authentication and other operations are not being set, suggesting that operations needed to maintain logins and sessions are not being performed correctly.

Comparison of Account Locks:
ver3.567: Notably fewer account locks are reported, suggesting there may be an issue in this area.
We hope this information aids in resolving the problems.

Thanks for the detailed post. From version 3.567 there were many improvements made, including to the logging. Just because the earlier version was not reporting issues does not mean the issues were not there. It's just that the later version is detecting them / logging them, then trying to fix them.

Just one example: the CSRF token. Twitter changed how it worked, so TD changed to work correctly. This may then show in the logs as some errors that don't appear on the old version, because the version is happily working incorrectly with the wrong token.


Similarly for your other points, the later version is working better.


Also 3.167 is also an old version, about 20 versions behind.
https://rootjazz.com/twitterdub/updatetesting.html

and some of what you have reported is already working better
hhk
Posts: 11
Joined: Mon Feb 26, 2024 1:18 am


Post by hhk »

Thank you for sharing detailed information. I understand that the new version contains many improvements, especially the enhanced logging features. The fact that issues not detected in older versions are reported in the new version suggests that these issues might have existed before, which is very useful information. I will also try the suggested version.

Regarding the improvement suggestion for the capsolver token release, changing to a method that uses blob data to reduce the risk of account suspension is a very important point.

I look forward to continued updates to the latest versions and further improvements in functionality. Please continue to support us.
martin@rootjazz
Site Admin
Posts: 34929
Joined: Fri Jan 25, 2013 10:06 pm
Location: The Funk

Post by martin@rootjazz »

hhk wrote: Sat May 11, 2024 11:31 am
Thank you for sharing detailed information. I understand that the new version contains many improvements, especially the enhanced logging features. The fact that issues not detected in older versions are reported in the new version suggests that these issues might have existed before, which is very useful information. I will also try the suggested version.

Regarding the improvement suggestion for the capsolver token release, changing to a method that uses blob data to reduce the risk of account suspension is a very important point.

I look forward to continued updates to the latest versions and further improvements in functionality. Please continue to support us.

updates to carry on discussion here re funcaptcha data[blob]
viewtopic.php?t=12903