It's how the chat and forum integrate.
Take a look at the URL for the Live Chat link, You'll see the following:
Code:
http://chat.pilotsofamerica.com:8080/?0,2,0,0,0&nn=jesse&pu=http%3A%2F%2Fwww.pilotsofamerica.com%2Fforum%2Fmember.php%3Fu%3D590&au=http%3A%2F%2Fwww.pilotsofamerica.com%2Fforum%2Fcustomavatars%2Favatar590_27.gif&hmac=6e1310840cb46rae4108c7062d38a212&cu=
Notice a few things in there:
nn=jesse
pu=link to my profile page
au=link to my avatar
hmac=hash
So you can see that in the link to log into chat the username is passed directly in the link along with the profile url and avatar url. Now you might wonder, what would stop you from just changing that username value to whatever you'd like and being an admin in chat? That hash will stop you.
That hash is created by hashing a string that is something like string=username+date+secret-code
The chat takes the incoming username and the date and the secret code which it knows as well and hashes that. It then compares that hash to the hash in the URL. If that hash is correct it knows that URL is valid and was generated by the forum software. If you were to give someone your "Live Chat" link they'd be able to log in as you to the chat. But only for a day. Which is why it has the date in it.
This allows the chat to really not be integrated with the forums database it all. It has no idea that vbulletin is integrated with it. All it knows is that it takes a username, profile, and avatar from the URL and that's you. It uses the hash of that plus the secret code to stop people from messing with it.
The vBulletin code knows the secret code so it's able to properly generate that hash which it shoves into the link.
It's not how I'd built it...but it's how *I* had to build it since that's the only way I could log people into the LiveChat software in a way that would be based on their PoA profile but still be secure-ish.
If you remember way back, chuck had setup a chat, that wasn't secure at all. You could just change your cookie to be whichever user you wanted. I did it a little better
That's the long winded way of saying that if your link was generated yesterday, it won't work today.