Sign in to follow this  
Rockslide

Login server

Recommended Posts

Hi,
I am trying to accomplish a login system like Minecraft uses.
For those who don't play Minecraft: Player's have to buy the game and log in to play multiplayer. It is NOT an mmo however, the game servers are hosted by players (anyone can host a server).
So the only server hosted by the company is the login-server. Once a player is verified by that server, it can connect to any player-hosted game server.

I've been trying to figure out how this works, but can't think of a way that doesn't require the player to stay connected to the login-server during the whole time he is playing.
Minecraft has over 4 million registered players. Sure, they won't all play at the same time, but a couple of 100 thousand might. Keeping that many connections open on the login-server would require some special hardware I imagine. If the connection is closed immediately after the log-in is succesfull, pretty much any computer could handle it.

Seeing as the login-server is there for the sole purpose of preventing piracy, it would be a shame to have to hire special hardware for it.

But if the player does NOT stay connected to the login-server, how would I prevent multiple logins on the same account?

Share this post


Link to post
Share on other sites
[quote name='Rockslide' timestamp='1297968435' post='4775512']
I've been trying to figure out how this works, but can't think of a way that doesn't require the player to stay connected to the login-server during the whole time he is playing.
[/quote]

I don't know exactly what Minecraft does, but the [url="http://www.gamedev.net/index.php?app=forums&module=forums&section=rules&f=15"]Forum FAQ[/url] does list some articles on game authentication, which includes a token-based system where a user can log in with a server, get a token, and then the server the user connects to verifies this token with the login system. If a token has an expiry time (1 hour? 12 hours?) then the game client needs to check back with the login server every so often, but not terribly often.

It's also totally possible for each user-hosted server to keep a persistent connection to the login server. The login server might want to know all servers that are up anyway, for a server browser interface.

Note that a "server," once you have hojillions of game servers running, may actually be hosted by more than one physical pieces of hardware -- a so-called "cluster." You're unlikely to need to go there, though, as 100,000 active servers keeping connections to a single central host is totally possible to keep running on a single (server-class) machine.

Share this post


Link to post
Share on other sites
[quote name='Rockslide' timestamp='1297968435' post='4775512']
Minecraft has over 4 million registered players. Sure, they won't all play at the same time, but a couple of 100 thousand might. Keeping that many connections open on the login-server would require some special hardware I imagine. [/quote]

No, just a Small[url="http://urbanairship.com/blog/2010/09/29/linux-kernel-tuning-for-c500k/"] EC2 instance[/url] (around $100/month).

[quote]Seeing as the login-server is there for the sole purpose of preventing piracy, it would be a shame to have to hire special hardware for it.[/quote]
Um...

If anything, preventing piracy is a fantastic reason to pay for it. Having to deal with piracy means you have something people want. Preventing is means you're making money. And with 500k users, if each pays just a cent per month, it's a huge profit margin.

Share this post


Link to post
Share on other sites
Hmm yes, I was thinking along the lines of a token system myself. It should work by having the game-servers always stay connected and having them inform the login-server when a player logs out. If the game-server loses connection all its players should get logged out. If a game-server is hacked it could block player accounts by never letting them log out, but your suggestion of having players check in every so often will remedy that. That will also prevent multiple logins on a hacked server.
Then the only way multiple logins would be possible is if both the server and client would be hacked. Which is acceptable to me.
I think I have all possible scenarios of abuse pictured in my head now, and I'll make it work :)

Ofcourse if anyone else has a better a idea, or more info about how Minecraft does it please share.


[quote name='hplus0603' timestamp='1297976391' post='4775581']
I don't know exactly what Minecraft does, but the [url="http://www.gamedev.net/index.php?app=forums&module=forums&section=rules&f=15"]Forum FAQ[/url] does list some articles on game authentication[/quote]

I had a look at the FAQ before I made this topic, but found nothing relevant to my question. I just looked through it again, but I can't seem to find the article you are talking about. Is it in one of the 34 Q's, or did I overlook a link somewhere?

@Antheus:
Thanks, I will read into that link. 100$ a month would indeed be worth it :)

Share this post


Link to post
Share on other sites
[quote name='Rockslide' timestamp='1297982313' post='4775620']
I had a look at the FAQ before I made this topic, but found nothing relevant to my question. I just looked through it again, but I can't seem to find the article you are talking about. Is it in one of the 34 Q's, or did I overlook a link somewhere?
[/quote]

You're right! I wonder where that Q went. It linked to [url="http://www.mindcontrol.org/~hplus/authentication.html"]an article from a few years ago[/url] (top link on Google for "authentication for games"). An updated version of which is available in Game Programming Gems 7, too.
Now I have to figure out how to re-edit the FAQs in this new forums system...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this