0

The simple architecture and summary of dilemma:

  • Entry Point: Client successfully authenticates itself to a singleton LoginServer (via TCP the connection supplies valid username+password). LoginServer is the only Server with access to the salted login database.
  • LoginServer intelligently selects a single GameServer from a list of GameServer(s) to assign this Client. After being assigned to a GameServer, Client will send I/O requests to said GameServer exclusively, which will be processed internally by nature of game design.

  • Dilemma: GameServer contains no data of Client and is unaware of the "handshake" that took place between LoginServer and Client. GameServer is incapable of putting the piece of authentication from LoginServer to the appropriately mapped Client ... because what does it have to work with?

  • Potential Solution: After successfully authenticating with LoginServer, Client is given a unique token to validate itself with GameServer(s).

Side note: I'm assuming using anything IP-based is a security concern due to potential IP spoofing.

mcw
  • 50
  • 5

1 Answers1

0

You can create sessions between servers and clients.

Session details should be decided by you and should be created when user login using LoginServer. Then login server should forward those details to Game server so that both CLIENT and SERVER know their identity.

Extra Reading -

Creating a secure login using sessions and cookies in PHP

http://blog.teamtreehouse.com/how-to-create-bulletproof-sessions

What are sessions? How do they work?

PHP Session Security

Community
  • 1
  • 1
Kavindu Dodanduwa
  • 12,193
  • 3
  • 33
  • 46