This is a cryptographic token that can only be used once. This requires something that cannot be reusable by multiple clients, as such it could be implemented as a nonce. The authentication of the user when they actually request to play a video is the other problem you're asking about. You already know how to solve that problem, clearly.

It's an entirely different problem to solve. Logging into Netflix itself is moot, because that's an application state. The authentication mechanism must not be re-usable by any other client. When a video is being played the server must have a way to authenticate the client. There are two requirements to solve this problem in a more general way.

Of course, if the server just correlates the session cookie that's supplied by the client directly to a device this entire solution falls apart, because as you deduced we could just easily copy the cookie to another client. Regardless of how Netflix implements this solution, let's consider the general solution to such a problem more abstractly. First, you need to be able to separate between what you call a session, which is primarily just used to retain user-application state, and the mechanism that authenticates the user when they are playing a video.
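One way to meet both requirements is a nonce-based challenge and response that is kept separate from the session cookie. The sketch below is an added example, not code from the original post and not how Netflix does it. It assumes each device receives its own secret at registration; the class, function and parameter names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


class PlaybackAuthenticator:
    """Server side: issues single-use nonces and verifies device responses."""

    def __init__(self, ttl_seconds=30):
        self._ttl = ttl_seconds
        self._device_keys = {}  # device_id -> secret set at registration (assumption)
        self._challenges = {}   # nonce -> (device_id, video_id, expiry)

    def register_device(self, device_id):
        key = secrets.token_bytes(32)
        self._device_keys[device_id] = key
        return key  # given to the device once; never placed in the session cookie

    def issue_challenge(self, device_id, video_id, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self._challenges[nonce] = (device_id, video_id, now + self._ttl)
        return nonce

    def verify(self, nonce, device_id, video_id, response, now=None):
        now = time.time() if now is None else now
        # pop() consumes the nonce on first presentation, so a copy cannot be replayed
        entry = self._challenges.pop(nonce, None)
        key = self._device_keys.get(device_id)
        if entry is None or key is None:
            return False
        if entry[:2] != (device_id, video_id) or now > entry[2]:
            return False
        expected = sign_challenge(key, nonce, video_id)
        return hmac.compare_digest(expected, response)


def sign_challenge(device_key, nonce, video_id):
    """Device side: prove possession of the device key for this nonce."""
    msg = f"{nonce}|{video_id}".encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()
```

A copied session cookie carries neither the device secret nor an unused nonce, so it is not enough on its own to pass `verify`.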