I'll start off by saying this is pretty much a result of user error. However, the consequences of this user error are disproportionate to the mistake I made. I've had this happen twice now, and I imagine I'll probably make the mistake again in the future. I know it's my fault, but I don't know how to prevent myself from ever making this mistake again.
If you open KoLmafia, it binds to a local port, and the relay browser talks on that port. KoLmafia assumes that any requests coming in on that port are directed to the current session, even if they're from a different session.
I often have multiple tabs open, and I'm lazy about closing tabs for sessions that have already ended. I usually log out from the "General" tab in KoLmafia, rather than the logout button in the relay browser, which leaves the relay browser tab for that session open.
I've never really had any serious issues from doing this, except this one: if you go into combat from a tab that was logged in with a different character, all 12 combat action bars for your current character get permanently replaced by the combat action bars for the character that was previously logged in on that tab.
It's probably technically a bug in KoL to completely replace the action bars like that. Or maybe not. But it's not really KoL's fault, because it's being used outside of it's design: if you don't use KoLmafia, you could never accidentally trigger that behavior. And it's not really KoLmafia's fault, because it's just passing along requests made by the relay browser. So really it's the user's fault for sending a request from a different session. But losing up to 12 bars of carefully configured buttons in exchange for accidentally clicking the wrong tab is really dangerous behavior.
I have a few ideas of how this could be avoided, but of course the developers might have better ideas on preventing this:
1. Bind KoLmafia to a new port each time you log in. Existing browser sessions would simply fail to connect.
2. Somehow detect that the character that generated the request in the relay browser is not the one that KoLmafia is logged in as, using existing request data.
3. Inject a KoLmafia generated cookie into all responses sent to the relay browser, and refuse to honor browser requests that don't include that cookie.
If you open KoLmafia, it binds to a local port, and the relay browser talks on that port. KoLmafia assumes that any requests coming in on that port are directed to the current session, even if they're from a different session.
I often have multiple tabs open, and I'm lazy about closing tabs for sessions that have already ended. I usually log out from the "General" tab in KoLmafia, rather than the logout button in the relay browser, which leaves the relay browser tab for that session open.
I've never really had any serious issues from doing this, except this one: if you go into combat from a tab that was logged in with a different character, all 12 combat action bars for your current character get permanently replaced by the combat action bars for the character that was previously logged in on that tab.
It's probably technically a bug in KoL to completely replace the action bars like that. Or maybe not. But it's not really KoL's fault, because it's being used outside of it's design: if you don't use KoLmafia, you could never accidentally trigger that behavior. And it's not really KoLmafia's fault, because it's just passing along requests made by the relay browser. So really it's the user's fault for sending a request from a different session. But losing up to 12 bars of carefully configured buttons in exchange for accidentally clicking the wrong tab is really dangerous behavior.
I have a few ideas of how this could be avoided, but of course the developers might have better ideas on preventing this:
1. Bind KoLmafia to a new port each time you log in. Existing browser sessions would simply fail to connect.
2. Somehow detect that the character that generated the request in the relay browser is not the one that KoLmafia is logged in as, using existing request data.
3. Inject a KoLmafia generated cookie into all responses sent to the relay browser, and refuse to honor browser requests that don't include that cookie.