Serverside Logout wait time

[GoogleCodeExporter]

We know about Logout hack.  A user with a hacked client can logout and not
have to wait through the 10 second logout time.  This is because logout
wait code is inside client, and when the client dies, the HG Server tells
the Login Server to kill the client and save the data.  

This also users to take advantage of plug pulling/terminating game client.
 Something needs to be done to ensure that a user who does these things
will stay logged on for 10 seconds as a 'ghost.'

Original issue reported on code.google.com by SirHypnotoad@gmail.com on 14 Oct 2009 at 9:01

[GoogleCodeExporter]

I think we need send packet to HG when client click "Logout".
If 10 seconds pass, HG send packet to client and he can logout.

There is my idea on security logout.
Draft

Original comment by hbpoland@gmail.com on 18 Oct 2009 at 8:13

[GoogleCodeExporter]

I'll stick to Hypno's idea. If 10 sec does not pass and client logouts then he 
will
be ghost character. This could be useful when player logouts after damage. 

Original comment by Drajwer@gmail.com on 18 Oct 2009 at 11:22

[GoogleCodeExporter]

Also should make ghost character take percentage less damage from NPC/Mob 
incase it
is true lag disconnect.  We don't want disconnect people to die to npc because 
the
Disconnect.  But if they plug pull to avoid PVP they should take normal damage.

I think ghost is only true solution.  Requires client to be simulated kept 
alive in
HG server.  If you give them 10 second requirement they will just pull plug.  

This way accidently true DC player wont die from NPC but PVP player is screwed.

Original comment by SirHypnotoad@gmail.com on 18 Oct 2009 at 3:21