Struct lu_packets::world::server::ClientValidation
source · [−]pub struct ClientValidation {
pub username: LuWString33,
pub session_key: LuWString33,
pub fdb_checksum: [u8; 32],
}
Expand description
Provides session info for authentication.
Trigger
Receipt of Server handshake.
Handling
Verify with your auth server that the (username, session_key)
combination is valid. If not, immediately disconnect the client, ideally with a DisconnectNotify::InvalidSessionKey
.
If you are concerned about players modding their client DB, also check the fdb_checksum
. Note that players can still change their client to send a fake checksum, but this requires exe modding, which most players are presumably not familiar with.
If all validation checks pass, store the connection -> username association, as this is the only packet that references the username.
Response
The client does not require a fixed response to this packet. However, world servers (with the exception of a dedicated char server) will usually want to respond to this with LoadStaticZone
.
Notes
Important: Do not handle any other packets from clients that have not yet been validated. Handling other packets before validation can lead to errors because the connection has not yet been associated with a username, and can lead to security vulnerabilities if session keys are not validated properly.
Fields
username: LuWString33
Account username.
session_key: LuWString33
fdb_checksum: [u8; 32]
MD5 hash of null-terminated cdclient.fdb file contents.