Closing a connection or forcing re-authentication



I have a browser based client that I cannot trust. I am using to write a game and hacking/abusing is a major concern.
My dynamic authenticator doesn’t allow a user to be logged in through different sessions at the same time. However, I would like to give the option to remotely kill the existing session.

I can use a token with every request that I send to manage that and simply let the old token expire. However, it would be much more elegant if I found a way to prevent access at a WAMP level.

How should I go about this?

  1. Should I kill the websocket connection from the server? How would I do that?
  2. Should I force the session to re-authenticate itself? How could this be achieved?

Any help would be appreciated.