Written by Awportals.com

Sessions

Traditionally there have been 2 ways of identifying users in Activeworlds, one is through their name, and while unique throughout the universe for tourists and citizens these names are not unique for bots, there is however a special identifier unique to every connection to the universe server – that is the session number.

The session number is a 16 bit integer that uniquely identifies each user in the universe at any given time, the session number is established when a login is made to the universe server and changes whenever the client makes another login such as changing privileges or simply logging out and in again.

Originally session numbers were sequential; the first person to log in was session 1, followed by session 2, session 3 and so forth. However with the start of 4.1 this session number was randomised to help with security after it was found to be vulnerable to attack.

Session number 0 is a special context, and it denotes all users within a given world. Through this session number it is possible to send a broadcast to all users without needing to know where in the world they are.

Sessions and the SDK

With the introduction of the SDK almost 10 years ago, the session number became recognised the absolute method of referring to an avatar, all avatar related commands in the SDK took either a session number as an argument, or as an enumerated attribute. Despite this several bots were still produced that based their identification upon user name which was usually provided by the SDK along with a session number.

There are 2 major attributes that are associated with sessions with the first of which being AW_AVATAR_SESSION. This enumerated attribute defines the relevant avatar for all events other than chatting such as enter, changing, deleting, clicking and object actions. The second major enumerated attribute being AW_CHAT_SESSION which identifies the avatar that spoke in relation to a chat event – one of the biggest problems for new bot makers is the confusion caused between these 2 attributes, with bugs often introduced by programmers using AW_AVATAR_SESSION in place of AW_CHAT_SESSION.

There are of course other enumerated attributes and arguments that provide or set session numbers, these may be found in the SDK documentation along with the aw_session function that defines the session for the current instance.

Future Changes

Although not currently implemented, there has been discussion during 2006 / 2007 of the possibility of increasing the range of the session number to 32 bits to provide additional security due to the randomisation range.
However, at the time of discussion these changes were not made as it was unknown how many bots still used 16 bit integers (Short in C++ and Integer in VB) to store sessions.

Despite sessions being allocated to tourists, citizens and bots, a major universe will rarely have allocated more than 1000 session numbers at any given time.