Login Shortcuts

[aussieboykie]

When I manually enter a userid and no password into a Fastmail window, the following appears in the address window of my browser...

https://www.fastmail.fm/mail/?Ust=hex-string!;Uid=hex-string!hex-string;UBd=fastmail

What are these keyword/hex string combinations and how do they relate to my userid (with no password supplied) login request?

Ideally, I'd like to configure a simple shortcut along the lines of:

https://www.fastmail.fm/mail/?Uid=myuserid

If I try this I get a messagingengine.com parsing timeout error, so it's clearly not that simple. Can someone put me on the right track?

Thanks, AB

[JeremyY]

I suppose you could do it this way (borrowed from FastCheck):

http://www.fastmail.fm/mail/?FLN-UserName=<username>

but that would give you a incorrect password alert everytime so its not the most efficient way.

[kander]

I assume you're trying to get something similar to the URL's Fastcheck uses to open your mailbox directly, without requiring a login?

I assume that these hex strings are a form of encoding for our username and password so that they can't be intercepted in the URL... but that's a very wild guess.

Sorry for not being able to contribute substantially to this thread... perhaps one of the more knowledgable users will know this.

--K

[edit: JeremyY beat me to the minute in posting that Yeah, I was refering to that URL too]

[aussieboykie]

Jeremy/Kander

Thanks. That is very close to precisely what I want to do. It gives me a login screen with the userid already filled in but no password. The only additional "nice to have" is to get the cursor positioned in the password field.

Regards, AB

[kander]

Hey, could you try the following: http://www.fastmail.fm/mailX/?MLS=MB...sword;MSignal=

This is what I got from sniffing my HTTP traffic... perhaps it'll work?

Replace mailX with mail(server #), and myusername with username, mypassword with password.

--K

[Si1]

That works! Well done Kander!

[kander]

Well, in that case you're welcome :-) *feels kinda proud*

Quote:

Sorry for not being able to contribute substantially to this thread... perhaps one of the more knowledgable users will know this.

I guess I just promoted myself to Knowledgable... :-)

--K

[bitequator]

Just curious, how many mail servers is FM actually using (anyone NOT on mail1)? "mail" by itself sems to work for our accts (all apparently on mail1?).

So for example, just:
http://www.fastmail.fm/mail/?FLN-Use...assword=[]
(replace [] w/ your info)

Don't forget to preface with "https://" but then again sending clear PW would seem to defeat purpose of secure initial login (but not the actual pages)?

[robmueller]

Some notes for the technically curious:

/mail/

The short: Path to server code
The long: Basically separates the backend servers. Starts at /mail/, but will migrate to the correct /mailx/ after you login.

Ust=hex-string!hex-string
Uid=hex-string!hex-string

The short: The session 'salt' and the session 'id'.
The long: Since each web-request is separate (open connection to server, get page, close connection), there needs to be some way to hook up back to the correct logged in user. This is usually done using a 'session id'. Previously, the session id was always carried in the URL, but this is insecure in that you can accidentally email a URL to someone else, and if they use it within 2 hours or before you logout of yor session, they get access to your account.

So now we use 'cookies' to store the session id where possible. However, there's 2 problems:
1. How do you know if the browser has cookies turned on/off
2. Some people want to login to different accounts at the same time (multiple sessions)

The solution to 1 is to send both a cookie to set the session id, and also put the session id in the URL for the first page. If you get a cookie back on the next displayed page, you know cookies are enabled, and you can then remove the session id from the URL to get the security from then on

The solution to 2 is to have a 'salt'. Each time you go to http://www.fastmail.fm, you get a different cookie with a slightly different name. The name is related to the 'salt' which is then carried around in the URL. Each on it's own is useless, but when you put them together on the server side, you can get the correct session. This way, multiple windows can be open at once, accessing different accounts.

UBd=fastmail

The short: The users brand
The long: The users brand. To complex to get into

FLN-UserName=name
FLN-Password=name

The short: The username/password form fields.
The long: The values in the form fields when the form is submitted. By default, more form fields get their old value, which is why setting FLN-UserName works to pre-fillin the username field

MSignal=

The short: What to do
The long: The server side action/signal to perform. Again, too complex to get into.

Of course, none of this should really ever be assumed, but most of it happens to work

Some to use:

To pre-fill your username:
https://www.fastmail.fm/mail/?FLN-UserName=username

To login:
https://www.fastmail.fm/mail/?FLN-Us...Authenticate@0

For the moment, there's not really much point using any others.

Rob

[fmfan]

Per Rob in post above fast login is:

https://www.fastmail.fm/mail/?FLN-UserName=username;FLN-Password=password;MSignal=LN-Authenticate@0

[no spaces]

Where username will now be username@domain.tld
- example: myusername@fastimap.com

Except for fastmail.fm domain.tld - then username is just username
- do not have to use username & domain.tld as using www.fastmail.fm
(already) to login.

Seems slightly faster login if use actual mail server in url.

Noticed previously when logged into my main FastMail.fm account the https://www.fastmail.fm/mail2/ mail server number after /mail / & put in above to get:

https://www.fastmail.fm/mail2/?FLN-UserName=username;FLN-Password=password;MSignal=LN-Authenticate@0

From what I see also a /mail1/ server for some accounts
- just login and note for your account(s).


Thanks to Rob back from April this year & to Kander for ref. back to Apr. thread - vg mem.!

[vidvandre]

This was recently discussed extensively in the "What's the fastest way to access the fastmail login page?" thread...

[fmfan]

Quote:

Originally posted by vidvandre
This was recently discussed extensively in the "What's the fastest way to access the fastmail login page?" thread...

Realize - just thought would refer back to "the horse's mouth" - originial source
- ack. & thank while at it - since had not before
- as login in referred-to thread - that had been working - no longer works since time of db corruption - get long error message in very large area with pink background near top of login webpage - so was referred back to original thread posts for source data.

Should have stated one login that thread that had been in-use no longer works - why - I do not know - as worked prior to time noted above.


edit: Just checked another post referred-to thread and find login scenario that post there also now no longer works???

So, others who posted a login that thread might want to check theirs for current usability?