Jump to content

Tips for Securing a Ticket: Resale Edition

leonaves

By leonaves,
in Chat

 Share

Recommended Posts

leonaves Contributor

leonaves

Posted
Posted (edited)

A few tips for everyone trying this week. First, a coach specific note:

In the general sale:

Applicable to all:

  • The rate limit is 60 refreshes per second and this is per IP. So the more people you have on the same internet connection the more you eat into that. For example 4 people sharing an outbound IP may be limited to 15 refreshes per second each.
  • I say "may" as there are at least 5 load balancing servers, each of which enforce the rate limit independently. If each device on the same connection happens to be connected to a different backend server, they will not infringe on each other's limit. As far as I can tell, the traffic is balanced between these servers simply using DNS round robin, which means when your browser requests glastonbury.seetickets.com, it will get one of 5 IP addresses. But due to caching (and probably cookie-based affinity) if you then refresh, you will then hit the same server every time. The thing to note about this is that most people on the same connection are going to be hitting the same load balancer in typical situations as DNS resolutions are typically cached at the router. You could probably get very involved and manually configure devices to hit a specific IP, but I would say the best middle-ground is to ensure each device on the same connection is not going to the router for DNS resolution. There are instructions on how to set up cloudflare's 1.1.1.1 resolver directly on devices here: https://developers.cloudflare.com/1.1.1.1/setup/
  • Use as many internet connections as possible. So, if your friends are all planning on coming together to one location to try, that's probably a worse approach than everyone staying at home. If you are in a situation where you have many people on the same network trying (such as an office environment), your best bet is to use a mobile device / tether, as your mobile connection has its own outbound IP and therefore its own independent rate limit.
  • Auto-refresh extensions are fine. Popular belief is that these extensions might get your ticket cancelled. I have never heard of this happening and I can't see how it would be detectable. If you use these extensions, you will improve your chances as you can have multiple browsers refreshing and looking for the desired text on the page. I'd recommend this one: https://chrome.google.com/webstore/detail/auto-refresh-plus-page-mo/hgeljhfekpckiiplhkigfehkdpldcggm?hl=en as it lets you look for text on the page and stop refreshing. I would probably look for the word "registration" as there is a form on the final page that asks for your registration number, and the holding page has never said anything about that. But you can pretty quickly change that if the holding page does end up triggering it.
  • Don't use multiple browser windows, but do use multiple browsers/sessions. Multiple windows in chrome all share the same session cookies. You risk messing up your order if you have multiple windows open especially with extensions. Plus, if session affinity for the load balancers is done with cookies, each window will definitely be hitting the same backend and therefore sharing the same rate limit. Try instead opening, for example, a chrome window, a firefox window, a safari window, etc. You can also use chrome incognito mode, as that has a separate store of cookies to the main chrome profile, and if you want to go even further you can add named profiles to chrome which also have their own set of cookies. But note that browser extensions are per profile, and need to be enabled to work in incognito mode in settings, if you're planning on using extensions to refresh each of these, you'll need to be prepared.

These are probably all the tips I know that may not be well known but obviously there are plenty of other posts out there about generally being prepared, having a spreadsheet ready, and making sure you are not attempting to purchase for a registration that already has a ticket, as that screws up the order and locks all the registrations out for 10 minutes.

Oh and good luck!

Edited by leonaves
  • Like 2
  • Thanks 1
  • Upvote 19
Link to comment
Share on other sites
  • Replies 192
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

leonaves
leonaves

A few tips for everyone trying this week. First, a coach specific note: The page you will be initially refreshing will be glastonbury.seetickets.com/content/extras, it will eventually load a pag

gigpusher
gigpusher

Well done those who were lucky enough to get them might be inclined to take out gold membership or pop a donation towards the running costs of the forum. 😉 There's a button the the right hand side of

JSmurphy
JSmurphy

I recommend using a 'text expander' extension on your browser.  You can assign a trigger, I use 'R1/'P1 (registration/postcode), and it'll automatically fill in the information you've assigned. I

Posted Images

kalifire Grand Master

kalifire

Posted
Posted
3 hours ago, leonaves said:
  • The rate limit is 60 refreshes per second and this is per IP.

I'm not suggesting this isn't true, but what is it based on? That many refreshes would only be possible with a high speed auto-refresh add-on, and previous terms for securing a ticket included "Glastonbury Festival will cancel all bookings made using multi-hit software or applications to ensure everyone has a fair and equal chance of getting a ticket"

So it's not so much a 'popular belief' but a condition set out by the Festival. IIRC, See confirmed they had the means to detect and block IPs with extremely high refresh rates. Whether they actually do or not, I don't know.

  • Downvote 1
Link to comment
Share on other sites
JoeyT Veteran

JoeyT

Posted
Posted
14 minutes ago, TheFullShaboo said:

And what’s the deal with a page crashing after you’ve entered your registration or card details? Click back and not refresh? 

I thought they’d sorted that hadn’t they?

As in, you’ve got 5 mins to finish the transaction once on that page?

Link to comment
Share on other sites
TheFullShaboo Community Regular

TheFullShaboo

Posted
Posted
3 minutes ago, JoeyT said:

I thought they’d sorted that hadn’t they?

As in, you’ve got 5 mins to finish the transaction once on that page?

I’m not too sure? 
This is to deal with the issue though if the page crashes, like a white unresponsive screen. What do you do then? Im sure it’s been said on here to always click back instead of refresh….

 

Link to comment
Share on other sites
leonaves Contributor

leonaves

Posted
  • Author
Posted (edited)
3 hours ago, JoeyT said:

I thought it was capped at 60 refreshes a minute not a second?

5 hours ago, kalifire said:

I'm not suggesting this isn't true, but what is it based on?

I apologise, and I can't edit the original post any more (if anyone knows how that would be great) but you're both right, that was a typo. It's 60 a minute.

In terms of what it's based on, you can test it by going to glastonbury.seetickets.com right now and refreshing more than 60 times for a minute. The rate limiting is turned on year-round. You will see this page:


image.thumb.png.5d83e115c88ff4b77d2f16bba709facd.png

And the network tab confirms that it's hit a rate limit:

image.thumb.png.f341104eb498899c55fa07d1339df48d.png

And you can show that it's per IP by using another device on the same network, which will show that page after the first has hit the rate limit. But if you manually change the DNS resolution to a different IP on the same device, you get through.

Quote

See confirmed they had the means to detect and block IPs with extremely high refresh rates.

I'm sure they have the means, but two things here: firstly, they don't need to "block" anyone, the existing rate limiting does the job just fine. If an IP makes more than 60 requests in the space of a minute it is forced to slow down. Secondly, everyone on one wi-fi network shares the same outbound IP, so if you're on a public network, an office, etc. with a bunch of people trying, that IP address will be hitting the server hundreds of times in a minute, perfectly legitimately. Blocking everyone on that IP would be unfair.

The biggest point I want to make here is that you should try and make sure everyone person/device in your group should not be sharing its IP with too many other people/devices also trying for tickets, if possible, hence the advice to tether or use home networks on your own. If it's unavoidable, setup DNS resolution directly on your devices (follow the instructions in that link to cloudflare) to give them the best chance of hitting different backend servers and not having to share their rate limit with everyone on the same network.

 

Edited by leonaves
Link to comment
Share on other sites
TheFullShaboo Community Regular

TheFullShaboo

Posted
Posted
20 minutes ago, JoeyT said:

In a weird sadistic sort of way I'm missing that pre-ticket sale buzz.

Mines slowly crept in the last couple of days. Im all sorted but we're after one more for a friend who's never been before, which i think is ramping up the nerves / excitement / anxiety even more!

Link to comment
Share on other sites
leonaves Contributor

leonaves

Posted
  • Author
Posted
Just now, Somto Unigwe Raphael said:

Does anyone know if there are any restrictions on the type of card you can use? I recall seeing some posts about it during the balance payment window this year, I believe.

AFAIK, debit and credit are both fine unless you are registered outside the UK in which case it's credit only.

Link to comment
Share on other sites
incident Grand Master

incident

Posted
Posted
1 minute ago, Somto Unigwe Raphael said:

Does anyone know if there are any restrictions on the type of card you can use? I recall seeing some posts about it during the balance payment window this year, I believe.

For the UK - Not Amex. Anything else should be fine.

Link to comment
Share on other sites
Somto Unigwe Raphael Veteran

Somto Unigwe Raphael

Posted
Posted
7 minutes ago, leonaves said:

AFAIK, debit and credit are both fine unless you are registered outside the UK in which case it's credit only.

 

6 minutes ago, incident said:

For the UK - Not Amex. Anything else should be fine.

Perfect, thanks. Shouldn’t be any issues for me, then.

Link to comment
Share on other sites
curlylocks88 Enthusiast

curlylocks88

Posted
Posted
9 hours ago, leonaves said:

A few tips for everyone trying this week. First, a coach specific note:

In the general sale:

Applicable to all:

  • The rate limit is 60 refreshes per second and this is per IP. So the more people you have on the same internet connection the more you eat into that. For example 4 people sharing an outbound IP may be limited to 15 refreshes per second each.
  • I say "may" as there are at least 5 load balancing servers, each of which enforce the rate limit independently. If each device on the same connection happens to be connected to a different backend server, they will not infringe on each other's limit. As far as I can tell, the traffic is balanced between these servers simply using DNS round robin, which means when your browser requests glastonbury.seetickets.com, it will get one of 5 IP addresses. But due to caching (and probably cookie-based affinity) if you then refresh, you will then hit the same server every time. The thing to note about this is that most people on the same connection are going to be hitting the same load balancer in typical situations as DNS resolutions are typically cached at the router. You could probably get very involved and manually configure devices to hit a specific IP, but I would say the best middle-ground is to ensure each device on the same connection is not going to the router for DNS resolution. There are instructions on how to set up cloudflare's 1.1.1.1 resolver directly on devices here: https://developers.cloudflare.com/1.1.1.1/setup/
  • Use as many internet connections as possible. So, if your friends are all planning on coming together to one location to try, that's probably a worse approach than everyone staying at home. If you are in a situation where you have many people on the same network trying (such as an office environment), your best bet is to use a mobile device / tether, as your mobile connection has its own outbound IP and therefore its own independent rate limit.
  • Auto-refresh extensions are fine. Popular belief is that these extensions might get your ticket cancelled. I have never heard of this happening and I can't see how it would be detectable. If you use these extensions, you will improve your chances as you can have multiple browsers refreshing and looking for the desired text on the page. I'd recommend this one: https://chrome.google.com/webstore/detail/auto-refresh-plus-page-mo/hgeljhfekpckiiplhkigfehkdpldcggm?hl=en as it lets you look for text on the page and stop refreshing. I would probably look for the word "registration" as there is a form on the final page that asks for your registration number, and the holding page has never said anything about that. But you can pretty quickly change that if the holding page does end up triggering it.
  • Don't use multiple browser windows, but do use multiple browsers/sessions. Multiple windows in chrome all share the same session cookies. You risk messing up your order if you have multiple windows open especially with extensions. Plus, if session affinity for the load balancers is done with cookies, each window will definitely be hitting the same backend and therefore sharing the same rate limit. Try instead opening, for example, a chrome window, a firefox window, a safari window, etc. You can also use chrome incognito mode, as that has a separate store of cookies to the main chrome profile, and if you want to go even further you can add named profiles to chrome which also have their own set of cookies. But note that browser extensions are per profile, and need to be enabled to work in incognito mode in settings, if you're planning on using extensions to refresh each of these, you'll need to be prepared.

These are probably all the tips I know that may not be well known but obviously there are plenty of other posts out there about generally being prepared, having a spreadsheet ready, and making sure you are not attempting to purchase for a registration that already has a ticket, as that screws up the order and locks all the registrations out for 10 minutes.

Oh and good luck!

This is incredibly helpful to a noobie like me 🙂 

Thank you ever so much. Hope to see you there so I can buy you a beer as a thank you 

Link to comment
Share on other sites
Hotchilidog Proficient

Hotchilidog

Posted
Posted

Does anyone else just go one device, one browser? I prefer to only have one screen to worry about whilst I am in full on ticket mode. Twice I have managed to secure coach tickets (once in a resale) on my commute home on my phone. No idea how I entered my card info on those two occasions I was shaking so much!

  • Upvote 1
Link to comment
Share on other sites
leonaves Contributor

leonaves

Posted
  • Author
Posted
1 minute ago, Hotchilidog said:

Does anyone else just go one device, one browser? I prefer to only have one screen to worry about whilst I am in full on ticket mode. Twice I have managed to secure coach tickets (once in a resale) on my commute home on my phone. No idea how I entered my card info on those two occasions I was shaking so much!

To be honest, there's nothing wrong with this approach. One thing to take away from this post is that as long as you have an internet connection to yourself (i.e. your own home broadband or your own mobile internet) you actually stand just as good a chance as a whole group of people all sharing one connection. I want to make people aware of how the rate limiting works partly because I think it's important to know you're kind of getting screwed if you are on a widely used network, and to avoid doing that at all costs.

  • Upvote 1
Link to comment
Share on other sites
Hotchilidog Proficient

Hotchilidog

Posted
Posted
2 minutes ago, leonaves said:

To be honest, there's nothing wrong with this approach. One thing to take away from this post is that as long as you have an internet connection to yourself (i.e. your own home broadband or your own mobile internet) you actually stand just as good a chance as a whole group of people all sharing one connection. I want to make people aware of how the rate limiting works partly because I think it's important to know you're kind of getting screwed if you are on a widely used network, and to avoid doing that at all costs.

Very sound advice, and your OP was very informative indeed.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...