How should I deal with a player whose roleplay cuts into other players enjoyment of the session?

I’m a very new DM running a homebrew campaign for a couple of friends.

One of my players, who is by far the most experienced, plays a bard who is definitely optimised for roleplay, and that seems to be the part of the game she enjoys the most.

This is fine, of course, but lately I think it’s been derailing the rest of the party’s experience. The rest of the party is made up of players who either struggle with roleplay or have optimised their character for combat. This player has spent 15-20 mintues interrogating an NPC in a zone of truth (even after I made it clear that there was nothing else to gain from the NPC) while the rest of the party has no idea what to do. She also interjects into other player’s rare roleplay moments to describe what her Bard is doing. The rest of the party gets tired or disengaged when the session is too roleplay-heavy, so I’ve been trying to reward any plot-progression they achieve with big, exciting combat encounters.

Then last session, as I was very clearly building up to a big encounter, the Bard player decided that she would rather try to reason with the angry, weapons-drawn guards. A couple of lucky persuasion rolls later, and the whole encounter (which I’d spent hours lovingly prepping) was circumvented. I understand that players messing up planned events is a natural part of being a DM, but I’m bothered by the fact that she didn’t give the other players a chance to decide for themselves whether they wanted to fight.

I don’t want this one player to feel like she’s being strong-armed by the DM or railroaded into certain outcomes, but I also want to give the rest of the party a chance to do what they love best –beating up some bad guys. How can I manage the roleplay needs of this player while also making sure that the rest of the party gets to experience the combat they want?

My group is obsessed with everyone attending the Session, which destroy’s any regular playing [closed]

I don’t know if this is a weird thing to ask.

However, my group consists of 5 Players and our DM. They’re great people and every Session is a lot of fun, ngl. The issue I’m having is that -for whatever reason- everyone (except me apparently) refuses to even think about playing if one of the Players isn’t attending.
Scheduling is difficult even when accepting losses. But only playing when everyone can attend, makes it impossible and I really don’t want a Campaign that runs once a month, if we’re lucky. Maybe I am just in my bubble since I have rather flexible working times.
But I just cannot understand, why one, or even two players being absent, would be a huge problem. I’ve been DMming myself for a while, rebalancing is annoying, but not impossible, even on the fly. A PC could be played by the DM or the PC does something in their Downtime while the group does something else, which explains why they aren’t there. For a big and important story arch, I would understand that everyone should ideally be there but even then one player not being there wouldn’t kill anyone. Especially since the Campaign is made in mind that players and PC’s are interchangeable and until now we haven’t gotten to a point where it was fundamentally important that everyone was there… If three players (more than 50%) can’t make it, then yeah, I understand cancelling a Session. But certainly not at 1-2 Players out of 5.

I just kinda want to hear your opinion. Either I am dumb for thinking that way, or I am not the only one here thinking that way

Same session cookies for a user logging from different browser/machine

So i new to web application security and have a doubt regarding session cookies. Which is more vulnerable:

  1. Having same session cookies for a user logging in from different machine/browser

or

  1. Having different session cookies for a use logging in from different machine/browser

if possible can you provide a quick scenario how each can be exploited

Thank you

WordPress Session Scaling

I have about 30k to 40k sessions per day on wordpress website, I have caching enabled, wp-optimize plugin I have php-fpm enabled my pool options is below: max-request = 200 process idle timout = 30 max-children = 40

my realtime stats for sessions on site goes up to 300 sometimes. i exprience sometimes downtime on my dedicated server.

Where am i going wrong?

my server config:

16processors each: cache: 16384 Intel(R) Xeon(R) D-2141I CPU @ 2.20GHz 2199.998 MHz

Memory: 4975220k/17825792k available (7784k kernel code, 1049112k absent, 532940k reserved, 5957k data, 1980k init)

Passing the session source to a hidden field of an unbounce form

It works fine if you go directly to to the form with a campaign link. But if you go to the website first and then click the button to get to the form – the source is gone from the url and so doesn’t get added to the field.

I came up with a solution that rewrote the button link on dom load to append with a new parameter name whatever campaign parameters they arrive with. However – that will only work if they land on one page and go to the form. I could keep making the tag more complicated to cover more situations and that might be the right path.

But I would like to know if there is an easier solution at the source by adding a tag that only triggers when the form loads and pulls the referrer or utm_source and puts it into the hidden field.

Does this make sense what I’m trying to do?

Thank you

Risks of Long-life Session

Most “big” websites seem to have enormous sessions. From looking through the cookies, Stack Exchange seems to have a one-week rolling session, GitHub has 45 days, and Gmail seems to have a never-ending session.

What are the security implications for having sessions longer than an a few hours? Apparently, the recommended time for session expiry is just fifteen minutes, but obviously that’s pretty bad for user experience. Is there a nice, happy medium for session expiry that smaller webapps can use? How do major websites manage to get away with such long sessions?

Is there a formula or method of planning a flexible homebrew campaign or session?

When ever I’m planning a session for my campaign I tend to plan a very strict plot. It makes me feel comfortable, and though you can never feel ready; it makes me feel ready to play when I have a plan.

If the players go off of the plot it really messes me up.

Is there a specific planning process or formula that most DMs use in planning a session? Put another way: is there a way to plan a session, that is flexible to what the players do.

Is there a formula (or something similar) that most DMs use?

Is there a formula or method of planning a flexible campaign or session? [duplicate]

When ever I’m planning a session for my campaign; I tend to plan a very strict plot. And if the players go off of it; it really messes me up. I was wandering if there was a specific planning process or formula that most DMs use in planning a session. It makes me feel comfortable, and though you can never feel ready; it makes me feel ready to play when I have a plan. However, is there a way to plan a session, that is flexible to what the players do. Like a formula or something that most DMs use?

Replay-Resistant Stateful Session Handling

I am currently creating an RPC server using gRPC and want a secure way to handle session tokens. I am currently using stateful session handling, where the user logs on and the server replies with an session token, which the client sends in every RPC request. The server then uses this token to verify that the client is authenticated, and that the calling user has sufficient permissions. All communication happens over TLS, all standard stuff.

I’m concerned about the possibility that if an attacker got a hold of a valid session token, they could then use the token to pose as the user who originally had that token. I’ve been wondering if there’s a standard or well known algorithm that would allow clients to generate new stateful session tokens before every request that would only be valid for one use.

I’m thinking this could work similarly to how TLS negotiates a session key from the client random, server random, and premaster secret. Both the client and the server could decide on a shared “seed” that will allow them both to produce peudorandom session tokens in a deterministic order, and an attacker who gets ahold of a session token will only be able to use it if the client hasn’t already. The server would verify the client’s session tokens by generating the next session token from the shared “seed”, and verifying that it matched the sent session token.

The benefit of this would be that session tokens would only be valid for one request, but this system would fail if an attacker somehow got ahold of the shared “seed”. Still, because the “seed” would never be sent over the wire, this could provide some extra security. Does something like this exist, and if not is this a solid idea worth implementing? I do not want to roll my own crypto, hence why I am primarily seeking some standard way of doing this. But if nothing like this exists, I want to know if this is a flawed idea or not.