fredi-68
commented
5 years ago I've added the ability for different characters from the same user account to be loaded into the game by passing the character ID through the account database. In theory, the same system could be used to manage the session tokens as well. However, this would require the implementation of user passwords which are currently not checked, since session authentication doesn't make much sense without user authentication at the auth level.
Currently the only requirement to play on an existing user account is to know its name. Passwords are not being checked, and neither are session tokens. This means not only can anyone who manages to connect to the server play on any account; the same character can load into the game multiple times at once.