Hello, the game client is exposing sensitive information about the players which can lead to session hijacking.
What is it exposing?
- IP address
- Session token
This information can be found by iterating through the ige.$$('player')
object. I don’t know why this information is stored on the client-side but it needs to be addressed to avoid issues.
Proof of session hijacking