I have a browser-based client that I cannot trust. I am using crossbar.io to write a game and hacking/abusing is a major concern.
My dynamic authenticator doesn’t allow a user to be logged in through different sessions at the same time. However, I would like to give the option to remotely kill the existing session.
I can use a token with every request that I send to manage that and simply let the old token expire. However, it would be much more elegant if I found a way to prevent access at a WAMP level.
How should I go about this?
- Should I kill the websocket connection from the server? How would I do that?
- Should I force the session to re-authenticate itself? How could this be achieved?
Any help would be appreciated.