[codger]

I've been retrieving BBO data to score club games since March 2020 using Excel. The code (VBA) is largely unchanged since those times and certainly the overarching method: submit a cookie, retrieve traveller data from MyHands, score in a spreadsheet, export to club website.

I invoke a MSXML2.ServerXMLHTTP60 object and first GET the list of travellers via https://www.bridgeba...8489-&offset=0. But that now fails (on 6.36.2) having worked last week (6.35.?). The response headers returned are,

Cache-Control: no-store, no-cache, must-revalidate
Date: Fri, 07 Feb 2025 18:36:06 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: nginx
Set-Cookie: myhands_token=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0

All this is from my personal login - which I've used for years. Curiously, if I switch to the Virtual Club username (discovering and submitting its cookie in the request), it *does* work. The return is then,

Cache-Control: private
Date: Fri, 07 Feb 2025 18:20:01 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: nginx

Yet, aside from the cookie string, the same call is used. It's as if my cookie is no longer valid. My access in a browser is unaffected and I have checked the storage internals and the cookie is as used. I've done all manner of refreshes and reloads but am a loss to explain. I did wonder about changing my password but I thought I'd ask here first...

Any ideas?

[Edited for off-by-one version numbers]

[diana_eva]

@codger, thank you for the detailed explanation.

This will be resolved next week - it was caused by some security changes in our setup.

[codger]

diana_eva, on 2025-February-08, 03:54, said:

@codger, thank you for the detailed explanation.

This will be resolved next week - it was caused by some security changes in our setup.

Thank Diana - I'll check back with interest.

[diana_eva]

This has been resolved.

[codger]

Unfortunately, programmatically, I can no longer get any data back from MyHands. My attempts with various logins now all fail - not just mine.

I see that the myhands_token cookie has changed: previously it was username%7C (i.e. username|) followed by 40 hex characters - now it's just the hex string. Do I need another cookie? The failure text is as above,

2025-02-13 16:57:51 https://www.bridgeba...14039-&offset=0
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 13 Feb 2025 16:57:50 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: nginx
Set-Cookie: myhands_token=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0

I'm somewhat at a loss as now, even my workaround of using the cookie of tournament host fails.

[barmar]

Sorry, we messed up when we changed the cookie format and took the username out. We'll fix it again shortly.

[codger]

Thanks, it's working now.

The forumlation of the hex string has changed so the cookie needs to be retrieved afresh, but that's no real trouble.

[barmar]

The change to the hex string is a consequence of the change to the way we store passwords in the database.