Hello,
After doing a succesful DELETE request to OV Server REST API to ban an user and to silence a user with 204 status, I realize that these users can join another time the session with that custom_session_id without any problem. Is this the expected behavior?
Thanks in advance 
Sorry, I suppose that the same connectionId canβt join, but obviously one user in my database can join another time the same session because for openvidu server is a different connectionId. Is it possible getting that the eviction works for all the duration of the sessionId? Maybe including in the serverData something like the username associated to that connectionId, or something like that?
I like the actual behavior for disconnectiong feature, but I would like to improve the eviction one in my system.
Thanks!
Hi,
You control which users are allowed to connect to your session through token generation in openvidu-server.
Tokens are single-use only, so that means that any user calling Session.connect() will require a brand new token for each call to that method. You can protect your backend using any method you want: just identify the user asking for a token and decide whether he can get it or not. In the end your application backend is the one deciding whether to send your clients a token or not.