|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
22 Apr 2003, 10:33 AM | #1 |
Essential Contributor
Join Date: Dec 2002
Location: Sydney, Australia
Posts: 475
|
Login Shortcuts
When I manually enter a userid and no password into a Fastmail window, the following appears in the address window of my browser...
https://www.fastmail.fm/mail/?Ust=hex-string!;Uid=hex-string!hex-string;UBd=fastmail What are these keyword/hex string combinations and how do they relate to my userid (with no password supplied) login request? Ideally, I'd like to configure a simple shortcut along the lines of: https://www.fastmail.fm/mail/?Uid=myuserid If I try this I get a messagingengine.com parsing timeout error, so it's clearly not that simple. Can someone put me on the right track? Thanks, AB |
22 Apr 2003, 10:39 AM | #2 |
Senior Member
Join Date: Feb 2003
Location: Canada
Posts: 104
|
I suppose you could do it this way (borrowed from FastCheck):
http://www.fastmail.fm/mail/?FLN-UserName=<username> but that would give you a incorrect password alert everytime so its not the most efficient way. |
22 Apr 2003, 10:41 AM | #3 |
The "e" in e-mail
Join Date: Jan 2002
Location: The Netherlands
Posts: 4,112
|
I assume you're trying to get something similar to the URL's Fastcheck uses to open your mailbox directly, without requiring a login?
I assume that these hex strings are a form of encoding for our username and password so that they can't be intercepted in the URL... but that's a very wild guess. Sorry for not being able to contribute substantially to this thread... perhaps one of the more knowledgable users will know this. --K [edit: JeremyY beat me to the minute in posting that Yeah, I was refering to that URL too] |
22 Apr 2003, 10:45 AM | #4 |
Essential Contributor
Join Date: Dec 2002
Location: Sydney, Australia
Posts: 475
|
Jeremy/Kander
Thanks. That is very close to precisely what I want to do. It gives me a login screen with the userid already filled in but no password. The only additional "nice to have" is to get the cursor positioned in the password field. Regards, AB |
22 Apr 2003, 10:57 AM | #5 |
The "e" in e-mail
Join Date: Jan 2002
Location: The Netherlands
Posts: 4,112
|
Hey, could you try the following: http://www.fastmail.fm/mailX/?MLS=MB...sword;MSignal=
This is what I got from sniffing my HTTP traffic... perhaps it'll work? Replace mailX with mail(server #), and myusername with username, mypassword with password. --K |
22 Apr 2003, 11:01 AM | #6 |
Cornerstone of the Community
Join Date: Apr 2002
Location: UK
Posts: 590
|
That works! Well done Kander!
|
22 Apr 2003, 11:06 AM | #7 | |
The "e" in e-mail
Join Date: Jan 2002
Location: The Netherlands
Posts: 4,112
|
Well, in that case you're welcome :-) *feels kinda proud*
Quote:
--K |
|
22 Apr 2003, 12:02 PM | #8 |
The "e" in e-mail
Join Date: Apr 2003
Location: USA
Posts: 2,978
|
Just curious, how many mail servers is FM actually using (anyone NOT on mail1)? "mail" by itself sems to work for our accts (all apparently on mail1?).
So for example, just: http://www.fastmail.fm/mail/?FLN-Use...assword=[] (replace [] w/ your info) Don't forget to preface with "https://" but then again sending clear PW would seem to defeat purpose of secure initial login (but not the actual pages)? Last edited by bitequator : 22 Apr 2003 at 12:07 PM. |
22 Apr 2003, 05:35 PM | #9 |
Intergalactic Postmaster
Join Date: Oct 2001
Location: Melbourne, Australia
Posts: 6,102
Representative of:
Fastmail.FM |
Some notes for the technically curious:
/mail/ The short: Path to server code The long: Basically separates the backend servers. Starts at /mail/, but will migrate to the correct /mailx/ after you login. Ust=hex-string!hex-string Uid=hex-string!hex-string The short: The session 'salt' and the session 'id'. The long: Since each web-request is separate (open connection to server, get page, close connection), there needs to be some way to hook up back to the correct logged in user. This is usually done using a 'session id'. Previously, the session id was always carried in the URL, but this is insecure in that you can accidentally email a URL to someone else, and if they use it within 2 hours or before you logout of yor session, they get access to your account. So now we use 'cookies' to store the session id where possible. However, there's 2 problems: 1. How do you know if the browser has cookies turned on/off 2. Some people want to login to different accounts at the same time (multiple sessions) The solution to 1 is to send both a cookie to set the session id, and also put the session id in the URL for the first page. If you get a cookie back on the next displayed page, you know cookies are enabled, and you can then remove the session id from the URL to get the security from then on The solution to 2 is to have a 'salt'. Each time you go to http://www.fastmail.fm, you get a different cookie with a slightly different name. The name is related to the 'salt' which is then carried around in the URL. Each on it's own is useless, but when you put them together on the server side, you can get the correct session. This way, multiple windows can be open at once, accessing different accounts. UBd=fastmail The short: The users brand The long: The users brand. To complex to get into FLN-UserName=name FLN-Password=name The short: The username/password form fields. The long: The values in the form fields when the form is submitted. By default, more form fields get their old value, which is why setting FLN-UserName works to pre-fillin the username field MSignal= The short: What to do The long: The server side action/signal to perform. Again, too complex to get into. Of course, none of this should really ever be assumed, but most of it happens to work Some to use: To pre-fill your username: https://www.fastmail.fm/mail/?FLN-UserName=username To login: https://www.fastmail.fm/mail/?FLN-Us...Authenticate@0 For the moment, there's not really much point using any others. Rob |
25 Aug 2003, 02:46 AM | #10 |
Master of the @
Join Date: Jul 2002
Location: TX US
Posts: 1,298
|
Per Rob in post above fast login is:
https://www.fastmail.fm/mail/?FLN-UserName=username;FLN-Password=password;MSignal=LN-Authenticate@0 [no spaces] Where username will now be username@domain.tld - example: myusername@fastimap.com Except for fastmail.fm domain.tld - then username is just username - do not have to use username & domain.tld as using www.fastmail.fm (already) to login. Seems slightly faster login if use actual mail server in url. Noticed previously when logged into my main FastMail.fm account the https://www.fastmail.fm/mail2/ mail server number after /mail / & put in above to get: https://www.fastmail.fm/mail2/?FLN-UserName=username;FLN-Password=password;MSignal=LN-Authenticate@0 From what I see also a /mail1/ server for some accounts - just login and note for your account(s). Thanks to Rob back from April this year & to Kander for ref. back to Apr. thread - vg mem.! Last edited by fmfan : 25 Aug 2003 at 10:14 AM. |
25 Aug 2003, 04:58 AM | #11 |
Cornerstone of the Community
Join Date: Dec 2002
Location: Sørumsand(!), Norway
Posts: 625
|
This was recently discussed extensively in the "What's the fastest way to access the fastmail login page?" thread...
|
25 Aug 2003, 09:31 AM | #12 | |
Master of the @
Join Date: Jul 2002
Location: TX US
Posts: 1,298
|
Quote:
- ack. & thank while at it - since had not before - as login in referred-to thread - that had been working - no longer works since time of db corruption - get long error message in very large area with pink background near top of login webpage - so was referred back to original thread posts for source data. Should have stated one login that thread that had been in-use no longer works - why - I do not know - as worked prior to time noted above. edit: Just checked another post referred-to thread and find login scenario that post there also now no longer works??? So, others who posted a login that thread might want to check theirs for current usability? Last edited by fmfan : 25 Aug 2003 at 10:15 AM. |
|