What are session days? The "Hashmarked Session" feature needed to be added because we're still working on making sure account sessions and cookies are stable. Because this does not use cookies, sessions are stored server-side. We're feeling iffy about the implementation, so they are set to expire after 30 days.
What is the hashmarked session? Hashmarked Sessions generate a hashed string. The way it is assembled won't be disclosed, but it contains the dirty IP and the user agent. Once matched, the server knows you're logged in. Because it's hashmarked, we don't know what the value is, and neither does the server. It only knows if it matches.
I'm about to run out of days, can I reset it back to 30? Click here to Sign Out and go straight to the login page.
Can you show me the code so I can see for myself what it does? There's too much outside data to show the whole script, but I can give you a snippet of what it looks like:
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/* Relevant Hashmark class */
private static class Token {
    public final long expiryDate;
    public final byte[] hash;

    public Token(long expiryDate, byte[] hash) {
        this.expiryDate = expiryDate;
        this.hash = hash;
    }
}

/* Relevant Hashmark functions */
public static Account matchHashmark(HttpRequest req) throws NoSuchAlgorithmException {
    // Some code the server would understand
    String input = /* Assemble string from unique values in req */;
    byte[] reqHash = MessageDigest.getInstance("SHA-256").digest(input.getBytes(StandardCharsets.UTF_8));
    for (Token t : getTokens()) {
        // Skip checkpoint to remove expired tokens
        // ...
        // Compare every byte of both digests in constant time; false on a length mismatch
        if (MessageDigest.isEqual(reqHash, t.hash)) {
            return getAccountFromToken(t);
        }
    }
    return null; // no stored token matched this request
}

public static void addHashmark(HttpRequest req) throws NoSuchAlgorithmException {
    // Some code the server would understand
    Account account = Account.matchFrom(username, password);
    // Some more code the server would understand
    String input = /* Assemble string from unique values in req */;
    byte[] reqHash = MessageDigest.getInstance("SHA-256").digest(input.getBytes(StandardCharsets.UTF_8));
    // 2592000000 milliseconds = 30 days
    Token token = new Token(System.currentTimeMillis() + 2592000000L, reqHash);
    addToken(account, token);
}
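The same flow as a self-contained sketch, including the expired-token cleanup the snippet skips over. This is an added example, not the site's own code: the class name `HashmarkStoreDemo`, the IP-plus-user-agent input string, and the sample values are assumptions, since the real way the string is assembled is not disclosed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

public class HashmarkStoreDemo {
    static final long THIRTY_DAYS_MS = 2592000000L; // same lifetime as the snippet above

    record Token(String account, long expiryDate, byte[] hash) {}

    private final List<Token> tokens = new ArrayList<>();

    // ASSUMPTION: the real input string is undisclosed; IP + user agent stand in for it.
    static byte[] hashmark(String ip, String userAgent) throws NoSuchAlgorithmException {
        String input = ip + "\n" + userAgent;
        return MessageDigest.getInstance("SHA-256").digest(input.getBytes(StandardCharsets.UTF_8));
    }

    void add(String account, String ip, String ua, long now) throws NoSuchAlgorithmException {
        tokens.add(new Token(account, now + THIRTY_DAYS_MS, hashmark(ip, ua)));
    }

    // Returns the account name, or null when no unexpired token matches.
    String match(String ip, String ua, long now) throws NoSuchAlgorithmException {
        byte[] reqHash = hashmark(ip, ua);
        String found = null;
        for (Iterator<Token> it = tokens.iterator(); it.hasNext();) {
            Token t = it.next();
            if (t.expiryDate() <= now) { it.remove(); continue; } // purge expired tokens
            // Constant-time, length-checked comparison of the two digests.
            if (found == null && MessageDigest.isEqual(reqHash, t.hash())) found = t.account();
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        HashmarkStoreDemo store = new HashmarkStoreDemo();
        long now = System.currentTimeMillis();
        // Constructed sample values (documentation IP range, made-up user agents).
        store.add("alice", "203.0.113.7", "ExampleBrowser/1.0", now);
        System.out.println(store.match("203.0.113.7", "ExampleBrowser/1.0", now)); // same client
        System.out.println(store.match("203.0.113.7", "OtherBrowser/2.0", now));   // different user agent
        System.out.println(store.match("203.0.113.7", "ExampleBrowser/1.0", now + THIRTY_DAYS_MS)); // after expiry
    }
}
```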
Note: Currently, we only have hashmarked sessions as the option. This is because we've yet to structure our cookies in a way that is guaranteed to prevent cross-origin scripts from taking people's accounts.