- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Thanks for this. Am looping in the GameLift service team so they can respond.
Hey @REDACTEDUSER
You're correct that RealTime Servers currently does not perform checks that the PeerId belongs to a valid PlayerSession while receiving/sending messages. I've created a request with the GameLift team to update the RealTime Server to validate this. RealTime Server Validation of the PlayerSession is currently only performed after receiving a LOGIN packet, and if the client does not send a LOGIN packet (a client that is not using the default implementation of the RealTime Client SDK), they can continue to send messages without further validation.
As you've suggested in your post, the current recommendation for developers is to add checks that the sender PeerId belong to valid sessions to the server script callbacks (e.g. onSendToPlayer, onMessage).
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa