IOnlineSession: provide player specific information?

Hi,

Is there a way for servers to provide player specific information via IOnlineSession to the clients?

What we would like to do is provide clients who enumerate available sessions a way to know which servers already have information about them (number of available avatars and their names for example).

The option I am currently considering at the moment is the following:

  • Provide per-player information via FOnlineSessionSettings (i.e., include for each player registered on this server, a dedicated “avatar” key, which value is the list of their available avatars on this server).

At the moment it does not look like session settings can be modulated per the querying player’s FUniqueNetId so the obvious problem with this approach is that it requires us to expose player-specific information to all players which could possibly be used to stalk other players across servers.

It seems possible to encrypt information specific to each player using the players’s FUniqueNetId as an encryption key to guarantee that only them can decrypt it but obviously it would be better if we could also use a per-session key to encrypt this data to avoid the case where a player manages to obtain the FUniqueNetId of another.

Are there any provisions which would allow exposing server-hosted player-specific data before actually joining a sessions?
And what would be the recommended approach for such a scenario?

  • Setup as many sessions per server as there are registered players on this server, exposing only one player’s information for each session, and making sure these sessions are matched only to the corresponding player? Is there even a mechanism which guarantees that only a given (authenticated) player can see a given session? And even if there is, is it possible afterward for all these advertised sessions to correspond to the same server hosted match somehow?
  • Obtain the server’s IP and obtain the corresponding information through a secondary channel before actually joining the session? (Obviously pretty unwieldy since this would require re-authenticating through this channel which ruins the interest of going through, say, Steam’s authentication for example.)

Any advice about how to proceed would be much appreciated.

Regards,