Hi, Pre Note: [If you cant be bothered to read the whole post] in need to have an Auth server which checks usernames and passwords on 1 PC. Chat server and Game server on potentially other PCs. Wjats the best way to ensure that a client connecting to game or chat server is authenticated and not logged into multiple servers. Im trying to develop my game server so that it will be very scalable. I have developed seperate server for the game world, and chat server. These will then be setup on multiple server PCs on different internet connections. My aim is to have it so a single account can only be logged into a single server at a time. Also there should be only a single authentication server which all the other servers communicate with to check if a user is valid. The idea I have at the moment for managing user connecting to a server: * Client->AuthServer: Connects to Auth Server * Client->AuthServer: Sends username and password * AuthServer->Client: Checks they are correct and sends back the IP of the chat server they should connect to + an Auth Code * Client->ChatServer: Connects to Chat server * Client->ChatServer: Sends username and Auth Code (as issued by auth server) * ChatServer->AuthServer: Log this username+authcode as connected to this server AuthServer: Checks AuthCode matches the username [AuthServer: if the user is logged into another server] * AuthServer->OtherServer: Kick the user [end if] * AuthServer->ChatServer: Accept the user * ChatServer->Client: Your logged in of course this excludes the alt case senario when the password is wrong or auth code is wrong. It becomes most complex when a user is switching between servers.. Im guessing I will have to have the client always stay connected to the auth server (if it logs out then the record for that user is removed from the auth server including their auth code). Then when a client wants to change servers (for example from chat server to game server) it would send a message to the chat server saying so. chat server would then tell auth server that client x was no longer connected to the chat server, and then tell the client to proceed connecting to game server. Client would then connect to game server and the above login actions above would happen. HELP ! does that make ANY sence ??? is there a better way ? Thanks in advance Tim [with a headache]

One solution is to design the project such that the authentication server (outer) and the chat server (inner) to negotiate on any given client. The client would first talk to the authentication server, which updates the chat server. Conversely, the chat server could talk to the talk to the authentication server about a client.

Kuphryn

1) Player connects to Auth server and specifies login details
2) Login details correct, Auth server gives user a ''ticket''
3) Player connects to game server, which gives ''ticket'' to Auth server to verify
4) Auth server notes ticket as being in use.
5) Game server recieves ''OK'' response from Auth server.
6) Player gets let into game

Additionally:

1) Player tries to log into another game server
2) Auth server recieves ''ticket''
3) Ticket marked as being in use on another server
4) Player gets friendly error message

On dealing with players being disconnected from games, after a timeout period, the game server notifies the Auth server that the ticket held for that player is to be deleted...

On a player trying to login twice:

1) Player sends details to Auth server
2) Auth server checks ticket database
3) Player supposedly already has a game in session
4) Player given option to resume play or abort play(up to you)
5) Ticket released(if necessary) or ticket re-issued to player client to allow them to log back into the game server.

And thats one way of doing it

WarDome: PHP MMORTS In Development