Blog

Technical Dive: The Power of Session Keys

Joan Alavedra
Group 329.svg

In the burgeoning domain of Web3, an innovative concept has emerged—session keys. These keys are akin to the well-known JSON Web Tokens (JWTs) but come with a twist, facilitating decentralized user verification in contrast to the centralized verification in traditional systems.

Session Keys in Action

Session keys are cryptographic keys used to establish a secure connection between a player's device, the game server and the user's web3 account. They act as temporary, specific-use keys for Web3, offering a much-needed solution. Session keys are similar to JWTs in the Web2 realm but come with more versatility, essentially serving as "programmable JWTs."

They are generated inside the player's device and are used to authenticate requests from the player. Session keys are short-lived and typically expire after a certain period of inactivity or when the player logs out. See an example here (works both in dekstop and mobile).

These keys permit users to interact with a game based on predefined conditions, such as duration, token spending limits, post frequency, or other functions specific to the smart contract.

Incorporating session keys into web3 games offers several advantages:

  • Security: Session Keys are scoped, and smart contracts can dictate which instructions a specific session key can accept. By storing expiry and access information at the contract level, session keys become less vulnerable to security risks. Additionally, layered security further protects user assets.
  • User Experience (UX): Session keys significantly improve crypto UX by eliminating the need for constant wallet popups while a user performs actions within a dApp for a specified duration.
  • Interoperability: Session keys function at the contract level, allowing users to continue using their preferred browser wallets while interacting with a dApp that supplies a session key in the background. This maintains app interoperability and enhances UX.

Gaming and Session Keys

One of the most promising applications of session keys lies in the gaming domain. Given that many modern games involve in-game purchases, trades, and other transactions, session keys can drastically improve the gaming experience.

By allowing users to pre-authorize a range of transactions, games become smoother and more engaging. Players no longer need to pause their game every time they make a transaction, leading to uninterrupted gameplay.

How session keys work-1.svg

Let's explore the four major steps involved in this process.

  • When players log in, they should generate a session key on their device and send it to your game server.
  • The sensitive part of the session key (session private key) is always securely stored on the player's device and should never be disclosed.
  • The player should include the public part of the session key in subsequent requests from the player's device to the game server for authentication. Such requests should be digitally signed by the secret part of the session key.
  • On the game server, validate the session key and the signature before processing the request.
  • Periodically refresh the session key during the player's session to maintain security.
  • Players can invalidate the session key whenever they want, e.g.: after logging out or after a certain period of inactivity.

The Bright Side of Session Keys

SessionKeysExample (1).svg

Session keys can potentially redefine user interactions with games, offering a seamless experience that's unprecedented in the Web3 domain:

  • Bypassing Confirmations: No more disruptions! Session keys can help bypass continuous transaction confirmations, especially beneficial in applications where frequent small transactions are made.
  • Offline Operations: Session keys enable users to execute transactions even when offline. For example, a user can participate in an NFT drop without having to be online at the time of the drop.

Setting New UX Standards

The introduction and adoption of session keys are not just about improving transactions; they are setting a new standard for user experience in the Web3 domain. By offering features like offline transactions and bypassed confirmations, session keys are paving the way for more intuitive and user-friendly games.

Excited to use Session Keys in your game? Let's get started by looking at our Documentation and our Youtube video for more.

If you have more questions/ideas/queries, join our Developer Discord and let us know there. Furthermore, you can follow us on Twitter for our updates as we keep shipping.

Share this article