Why do we need a sessionID? #4277

Gua-naiko-che · 2022-02-11T15:45:27Z

Gua-naiko-che
Feb 11, 2022

This is a question about an implementation detail in the documentation examples.

Here it says

On the server-side (server/index.js), we create two random values:

a session ID, private, which will be used to authenticate the user upon reconnection

a user ID, public, which will be used as an identifier to exchange messages

Why do we need a session ID different from the user ID? Wouldn't it be enough just to use a server-generated user ID for both message exchanging identifier and for identifying the user upon reconnection?

Answered by darrachequesne

Feb 12, 2022

Hi! That's because the session ID must be kept private, else anyone could authenticate as a given user (since the user IDs are shared to all the other users).

View full answer

darrachequesne · 2022-02-12T21:23:54Z

darrachequesne
Feb 12, 2022
Maintainer

Hi! That's because the session ID must be kept private, else anyone could authenticate as a given user (since the user IDs are shared to all the other users).

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Why do we need a sessionID? #4277

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Why do we need a sessionID? #4277

Uh oh!

Gua-naiko-che Feb 11, 2022

Replies: 1 comment

Uh oh!

darrachequesne Feb 12, 2022 Maintainer

Gua-naiko-che
Feb 11, 2022

darrachequesne
Feb 12, 2022
Maintainer