========================================================================== Authentication -------------------------------------------------------------------------- This file describes how the authentication process works and how the servers use sessions. Contents: * Sessions * Client Session Ownership * Client Authentication * Server Authentication * Timeout Timers ========================================================================== Sessions -------------------------------------------------------------------------- Client Session: This session represents an account/character. It is identified by account_id, char_id, login_id1, login_id2 and sex. Only one server can own the client session. Only the owner can request changes to the account/character data. Char-server Session: This session represents a char-server. (in the login-server) It is identified by a unique cookie. It allows the char-server to reconnect, reclaim the client sessions owned before the disconnect and continue as if nothing happened. Note: each char-server that is connected to the login-server must use a different username+password Map-server Session: This session represents a map-server. (in the char-server) It is identified by a unique cookie. It allows the map-server to reconnect, reclaim the client sessions owned before the disconnect and continue as if nothing happened. Note: each map-server that is connected to the char-server must use the same username+password as the char-server ========================================================================== Client Session Ownership -------------------------------------------------------------------------- (passive) (active) (passive) login-server ------ char-server ------ map-server Login-server: Receives client session requests from the char-server(s). Char-server: Sends client session requests to the login-server. Sends client sessions to the map-server(s). Map-server: Receives client sessions from the char-server. Changing map-server: 1) ...(normal play) (client session owned by map-server1) 2) Player enters a map that is in map-server2. 3) Map-server1 sends save data to char-server and receives an ack. 4) Map-server1 sends client session to map-server2 via char-server and receives a reply. 5.a) [if failed] Player is sent to save point. (client session owned by map-server1) 5.b) [if ok] (client session owned by map-server2) 5.b.1) Map-server1 sends change map server to client. 5.b.2) Client disconnects. (to map-server2) Character select: 1) ...(normal play) (client session owned by map-server) 2) Client requests character select. 3) Map-server sends final save data to char-server and receives an ack. 4) Map-server sends client session to char-server and receives an ack. (client session owned by char-server) 5) Map-server sends character select ok to client. 6) Client disconnects. (to char-server) ========================================================================== Client Authentication -------------------------------------------------------------------------- Login-server: 1) Client connects to login-server. 2.a) [if raw password] Client sends username and password to login-server. 2.b) [if hash password]: 2.b.1) Client requests hash key (password salt) from login-server. 2.b.2) Login-server replies with new hash key to client. 2.b.3) Client sends username and hashed password to login-server. 3.a) [if auth failed] Login-server rejects client and client disconnects. (END) 3.b) [if auth ok]: 3.b.a) [if client session owned by a char-server] Login-server requests kick from char-server and rejects client and client disconnects. (END) 3.b.b) [else]: 3.b.b.1) Login-server (re)creates client session with new login_id1/login_id2. (client session owned by login-server) 3.b.b.2) Login-server sends account_id, login_id1, login_id2, sex and list of servers to client. 4) Client disconnects. (server selection is done offline; to char-server) Char-server: 1) Client connects to char-server. 2) Client sends account_id, login_id1, login_id2 and sex to char-server. 3.a) [if client session exists] (from map-server; character select) 3.a.1) [if client session matches] Auth ok. 3.a.b) [else]: Auth failed. 3.b) [else]: (from login-server; after server selection) 3.b.1) Char-server sends account_id, login_id1, login_id2 and sex to login-server. (request client session) 3.b.2.a) [if client session matches and not owned by another char-server] Login-server replies auth ok to char-server. (client session owned by char-server) 4.b.2.b) [else] Login-server replies auth failed to char-server. 5.a) [if auth failed] Char-server rejects client and client disconnects. (END) 5.b) [if auth ok]: 5.b.a) [if client session owned by a map-server] Char-server requests kick from map-server and rejects client and client disconnects. (END) 5.b.b) [if client session has a client attached] Char-server kicks other client, rejects client and client disconnects. (END) 5.b.c) [if client session doesn't exist] Char-server creates a client session. (client session owned by char-server) 6) Char-server sets an invalid char_id and attaches the client to the client session. 7) Char-server sends list of characters to client. 8) ... 9) Client sends character selection to char-server. 10) Char-server updates client session. (if another selection is received, the client is kicked and the session is released) 11) Char-server sends client session to target map-server and receives an ack. (client session owned by map-server) 12) Char-server sends char_id, mapname and map-server address to client. 13) Client disconnects. (to map-server) Map-server: 1) Client connects to map-server. 2) Client sends account_id, char_id, login_id1 and sex to map-server. 3.a) [if not found or doesn't match] Map-server rejects client and client disconnects. (END) 3.b) [else] ...(normal play) ========================================================================== Server Authentication -------------------------------------------------------------------------- Char-server connecting: 1) Char-server connects to login-server. 2) Char-server sends username and password to login-server. 3.a) [if auth failed or char-server session exists] Login-server rejects char-server and char-server disconnects. (END) 3.b) [else]: 3.b.1) Login-server creates char-server session with a unique random cookie. 3.b.2) Login-server replies login ok and cookie to char-server. 3.b.3) ...(normal server operation) Char-server reconnecting: 1) Char-server connects to login-server. 2) Char-server sends cookie to login-server. 3.a) [if cookie exists and is not connected]: 3.a.1) Login-server starts timeout timers on all the client sessions that were owned before the disconnect. 3.a.2) Login-server replies login ok to char-server. 3.a.3) Char-server reclaims client sessions from the login-server. 3.a.4) ...(normal server operation) 3.b) [else]: 3.b.1) Login-server rejects char-server. 3.b.2) Char-server kicks all players, discarding changes. 3.b.3) Char-server disconnects. 3.b.4) ...(continue in the previous case 'Char-server connecting') Map-server connecting: 1) Map-server connects to char-server. 2) Map-server sends username and password to char-server. 3.a) [if auth does not match] Char-server rejects map-server and map-server disconnects. (END) 3.b) [else]: 3.b.1) Char-server creates map-server session with a unique random cookie. 3.b.2) Char-server replies login ok and cookie to map-server. 3.b.3) ...(normal server operation) Map-server reconnecting: 1) Map-server connects to char-server. 2) Map-server sends cookie to char-server. 3.a) [if cookie exists and is not connected]: 3.a.1) Char-server starts timeout timers on all the client sessions that were owned before the disconnect. 3.a.2) Char-server replies login ok to map-server. 3.a.3) Map-server reclaims client sessions from the char-server. 3.a.4) ...(normal server operation) 3.b) [else]: 3.b.1) Char-server rejects map-server. 3.b.2) Map-server kicks all players, discarding changes. 3.b.3) Map-server disconnects. 3.b.4) ...(continue in the previous case 'Map-server connecting') ========================================================================== Timeout Timers -------------------------------------------------------------------------- Client moving from login-server to char-server: Timeout timer on the client session in the login-server. If time runs out the client session is released. (char-server can't authenticate client) It is canceled when the client session is authenticated. Client moving from char-server to map-server: Timeout timer on the client session in the map-server. If time runs out the client session is released. (client can't enter map-server) It is canceled when the client session is authenticated. Char-server reconnecting to the login-server: Timeout timer on the char-server session in the login-server. If time runs out the char-server session is released. (char-server can't reconnect) It is canceled when the char-server reconnects. (and starts the timers of the next case) Char-server reclaiming client sessions: Timeout timer on the client session in the login-server, that was owned by the disconnected char-server. If time runs out the client session is released. (char-server can't reclaim session) It is canceled when the client session is reclaimed. Map-server reconnecting to the char-server: Timeout timer on the map-server session in the char-server. If time runs out the map-server session is released. (map-server can't reconnect) It is canceled when the map-server reconnects. (and starts the timers of the next case) Map-server reclaiming client sessions: Timeout timer on the client session in the char-server, that was owned by the disconnected map-server. If time runs out the client session is released. (map-server can't reclaim session) It is canceled when the client session is reclaimed.