Account -> change password doesn't affect game?

[Trafalgar]

It worked as far as logging in on the website, but here's what I see when I run autohaven.jnlp:

"Identity is saved for Trafalgar. [Forget me] [Login] Authentication token expired"

If I click Login, it successfully logs in, even though I haven't told the game my new password.

[loftar]

I don't completely understand your procedure. If you've clicked the "Forget me" button, it should return to the screen where it requires you to enter your user name and password. If you click the Login button without entering a password, nothing should happen. What password did you enter then?

[Trafalgar]

There was a way to tell it to remember you, which I had done previously. Since then the game hasn't asked for a password. So, now, I didn't click 'Forget me' and I didn't have a box to enter a password.

[loftar]

Oh, I see, you hadn't clicked the "Forget Me" button. Now I understand your original post. :)

But indeed, that is as it should. The "Remember Me" functionality doesn't actually save your password; rather, it saves a little cryptographic cookie that can be used on the next log in. I did that for extra security, so that the password isn't actually saved or transmitted in clear text anywhere (except on the web page, where I have little choice). The cookie itself isn't reset by changing the password. On the other hand, it's more secure than saving the password, because there can only be one saved cookie for each user account.

[Trafalgar]

Ah, I see. So it remembering me didn't have anything to do with the password at all.