Re: PokerRoom.com Responds...
I was thinking the exact same thing regarding the tense of this post. It is not clear whether or not this did in fact exist at one time. I am a web developer and read through the exploit and find it entirely plausible that this did exist at one time, though now fixed. It's easy to dismiss these exploits as another guy claiming that poker is rigged. However, the specific exploit details make perfect sense in this case, and would apply solely to the way that PokerRoom is set up. I would appreciate some clarification on behalf of PokerRoom.com.
Also, I am concerned that session hijacking seems like it would be feasible since PokerRoom does not require you to reauthenticate when you use the same cookie with a new IP address. I see this as a potential issue. Can this be addressed? Even if this exploit has never worked, it is still an issue that someone on a completely different network can somehow obtain your cookie and then gain access to the website and games.
Jellyroll
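
The reauthentication check the post above asks for, as an added example that is not part of the original post and not PokerRoom's code: a session store that binds each session to the address it was issued to and refuses the cookie when it arrives from a different one. The class, method names, timeout and sample addresses are all hypothetical.

```python
import secrets
import time

SESSION_TTL = 1800  # seconds of inactivity before a session expires (assumed value)


class SessionStore:
    """In-memory session table keyed by an opaque random token (hypothetical design)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, client_ip, now=None):
        """Issue a new token bound to the address the login came from."""
        now = now if now is not None else time.time()
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "ip": client_ip, "seen": now}
        return token

    def validate(self, token, client_ip, now=None):
        """Return (status, user); status is 'ok', 'reauth' or 'invalid'."""
        now = now if now is not None else time.time()
        sess = self._sessions.get(token)
        if sess is None:
            return "invalid", None
        if now - sess["seen"] > SESSION_TTL:
            del self._sessions[token]
            return "invalid", None
        if sess["ip"] != client_ip:
            # Same cookie, different network: serve nothing, revoke the token
            # so a copied cookie stops working, and require a fresh login.
            del self._sessions[token]
            return "reauth", None
        sess["seen"] = now
        return "ok", sess["user"]


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, fixed timestamps.
    store = SessionStore()
    cookie = store.login("alice", "203.0.113.10", now=1000)
    print(store.validate(cookie, "203.0.113.10", now=1100))  # original network
    print(store.validate(cookie, "198.51.100.7", now=1200))  # cookie replayed elsewhere
    print(store.validate(cookie, "203.0.113.10", now=1300))  # token was revoked
```

Binding to the address also forces a new login for users whose IP changes legitimately, such as on mobile networks or behind rotating proxies.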