For the past 6 months or longer if you try to sign into thesixtyone.com it will just sit and be “pondering”, “debating”, “speculating”, “introspecting”, “dreaming”, “contemplating”.
For the longest time I was unable to use my account on my laptop, and the only time listening to thesixtyone counted towards my profile was at home on my desktop, and every time I ran across a new song I wanted to put onto a play list I would have to wait until I got home to do it.
I found out that if I copied the session cookie from my desktop onto my laptop that I could then use my account! : )
This is great if you are in the same situation as me if you are logged in at one location but not the other, but does this mean that everyone else who doesn’t have an account logged in is out of luck? I always feared that eventually my session would end, and I would forever loose my account at thesixtyone, because I would never be able to log back in to it.
I quickly figured out how valuable my session cookie was to me so I copied it over into text document and saved it to my dropbox, now whenever I have a new OS, computer, or device I can always get back into my account.
Luckily there a few things we can exploit to get this working for anyone, as I just found out about today.
As some people already know, you can still log into old.thesixtyone.com.
Off Topic: If you know of the history behind thesixtyone, all the devoted users were very angry about the new changes with thesixtyone, even though it looks nice and has images, one of the biggest issues was the lack of a social experience, and dumbing down of user profiles and overall UI.
You cannot simply log into old.thesixtyone.com and have thesixtyone.com work.
Instead we have to exploit session cookies.
Here’s the fix
Choose your browser: IE, Chrome, FF
Part 1
Log into your account at old.thesixtyone.com this will generate a session id that we need.
In IE you can copy and paste this into the URL bar
You can also do the same in Chrome, but you will need to retype the “javascript: ” at the start when you copy/paste it.
As for Firefox you will have to: Right click–> Inspect Element–> Go to the “Web Console” tab, you can then paste the code below without the starting “javascript: “. You can also do this same method in IE and Chrome by using the developer tools and going to the console, often you hit F12 and it will bring up the developer panel / console, for Firefox it is Ctrl+Shift+K. If you use the console method you do not need the starting “javascript: ”
This will grab your session id
javascript: function getCookie(c){var a=document.cookie,b=a.indexOf(" "+c+"=");-1==b&&(b=a.indexOf(c+"="));-1==b?a=null:(b=a.indexOf("=",b)+1,c=a.indexOf(";",b),-1==c&&(c=a.length),a=unescape(a.substring(b,c)));return a}; getCookie("sessionid")With Chrome and IE if you used the address bar to paste the code in, you should now see your session id on a blank white screen. If you used the console it should have printed it out in the console window.
Copy your session id and put it somewhere you can retrieve for the next step.
Part 2
Head over to thesixtyone.com
Using the same method as above to run code, use the code below to set your session id. You will need to change it where it says “YOUR SESSION ID” with the session id you got from Part 1.
javascript: function setCookie(d,a,c){var b=new Date;b.setDate(b.getDate()+c);a=escape(a)+(null==c?"":"; expires="+b.toUTCString());document.cookie=d+"="+a}; setCookie("sessionid", "YOUR SESSION ID", 3560)Now you should be able to refresh your page and you will be logged into thesixtyone! : D
Why Does This Work?
Security Junk…
Thesixtyone uses the same server environment and database for the old.thesixtyone and the normal thesixtyone. Some websites will do some sanity tests which prevent you from using a session id across multiple IP addresses, browsers, and often will only allow one session id per user. With thesixtyone you can have multiple sessions which means if you logged into your laptop you could still stay logged in at your desktop because each one has its own unique session id linked to your account. Luckily for us though we can use the same session id from old.thesixtyone and it will work on the normal sixtyone because they are within the same environment. Having the same session ID across multiple browsers, or devices is not normal, but in our case it works perfect for us.
Blah blah blah… going off topic here….
For example Blizzard amazingly was not very secure about their sessions, so hackers could “session hijack” people, using the same idea here. I believe now they check that the session is coming from the same IP Address, thank god; amazing that such a large high up company would let something like this fly. Many game authentication systems have also been binding accounts to machine hardware, which is very useful, such as how Steam will make you enter a 5 digit code that is emailed to you when trying to add a new computer to your account, so that even if someone gets your username and password to Steam it requires that you access your email account to grab the generated code. There are still very dedicated methods to obtaining or spoofing hardware IDs, but it makes it much more complicated and tedious which means less automation and less profit for a hacker, it would essentially require singling out a target and stalking them as prey, if you knew a person that well and had physical access to their PC you would have a much more solid and easier chance by just asking the person to use their account… lol
12 Comments
The solution is fine but to complicated to us peasants…
Thanks for the input : )
I tried to make it easy, but it is still very technical, I’m thinking about making a Youtube video showing how to do it, as I imagine that would surely help.
Thanks! I am sure you made it work. I retrived the ID but was unbsuccessfull in setting it.
Why cant they fix it? Beats me….
Did you change the “YOUR SESSION ID” in the second script to the ID you gathered?
Which browser are you using?
It’s quite sad, but it really does seem that they simply let thesixtyone die, nobody is working on it and many things are breaking such as the login and youtube integration. Maybe they cut funding on it? It seems that the company that takes care of thesixtyone is only worried about making iOS apps for kids now or something? : \
I should have a video up by tomorrow, or later today.
Uploaded video now, I know its rather quick and doesn’t have any voice overs, but I hope it helps some people out.
Make sure to choose IE / Chrome / FF on the youtube annotations
or use the links I provided, depending on which browser you want to be logged into.
If you get your session ID from part 1 you can skip it and just do part 2 on all your browsers if you want to be logged into multiple browsers.
Thanks! Yupp, did change the session id and using Chrome dev. I’ll give your video a shot this afternoon.
Totally works! Great find Cody 🙂 Another trick to keep this working would be to create a bookmark that has the javascript as the link. If you ever need to get your session working again, just click the bookmark. This fix is going to bring me back to thesixtyone!
Great to hear, in the script I did set the cookie to last 10 years, but people still clear their cookies every now and then.
If anyone wants to hit me up on thesixtyone here’s my link:
thesixtyone.com/cts
Thank you!
Bloody Brilliant! I enjoy thesixtyone, I have discovered and purchased a metric tonne of great indie music there and yet it is a ghost ship (I often purchase via Bandcamp if the song is not available directly from thesixtyone). I know there’s history and all, but someone is keeping the thing going so it must be making some money? Why would they not try and rebuild the brand? Anyway thanks for the information mate you are officially followed. I live again!
Thanks, it’s just unfortunate to see that it’s not even kept going anymore really. It seems that half the songs haven’t been playing because any songs on the audio2 server haven’t been loading since it hasn’t been responding. It makes me wonder if they’re not paying the bill anymore for their Amazon cloud service, or what’s going on, as well as simple things like the login going down hill.
I know I saw a video on Youtube, that made it sound like the site was created by some college students, I’m not sure how accurate that or the information on Wikipedia is, but if you check thesixtyone’s facebook it seems that all their interest is now in making iOS apps like dinosaur [educational] games for little kids, and maybe another music venture on iOS.
It bothers me because I swear I’ve seen your name somewhere before you posted on here, or maybe it’s just dejavu?
They’ve now fixed the issue after I contacted them a few months back : )