LOC-2 joinRoom now generates and returns a 1024 bit session key
When the user successfully joins a room, a 1024 bit session key is generated and returned. The client stores this for use with later requests.
It's use isn't currently enforced (coming soon) and the table isn't currently tidied when a user leaves/is kicked (again coming soon).
The session key is prefixed by the room id, in the format
The idea being that when a room is closed, it's trivial to remove all related sessions.
My concern here, though, is that it may leak how many rooms there are. If your session key starts 10 then you know there are (or have been) 10 rooms (including yours).
So, either we need to change the prefix to be the room name, or perhaps just have the server seed the room IDs with a random number at startup.
The problem with the latter is that we risk running out of IDs if the number's truly unbounded, and if it is bounded and we're near the upper bound you can still take an educated guess.
So it's probably better to switch using the room name in hindsight. Will change that next