<%@ WebHandler Language="C#" Class="GenerateTokenHandler" %> using System; using System.Web; using System.Web.SessionState; using System.Security.Cryptography; using System.Web.Script.Serialization; public class GenerateTokenHandler : IHttpHandler, IRequiresSessionState { public void ProcessRequest(HttpContext context) { context.Response.ContentType = "application/json"; try { var session = context.Session; /* ======================================= GENERATE SECURE TOKEN ======================================= */ byte[] bytes = new byte[32]; using (var rng = new RNGCryptoServiceProvider()) { rng.GetBytes(bytes); } string token = BitConverter.ToString(bytes) .Replace("-", "") .ToLower(); long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds(); /* ======================================= ✅ CRITICAL FIX: INIT GAME SESSION ======================================= */ session["game_start_time"] = now; session["game_id"] = Guid.NewGuid().ToString(); /* ======================================= STORE TOKEN ======================================= */ session["game_token"] = token; session["game_token_time"] = now; /* ======================================= RESPONSE ======================================= */ var response = new { success = true, token = token }; JavaScriptSerializer js = new JavaScriptSerializer(); context.Response.Write(js.Serialize(response)); } catch (Exception ex) { context.Response.StatusCode = 500; var errorResponse = new { success = false, error = ex.Message }; JavaScriptSerializer js = new JavaScriptSerializer(); context.Response.Write(js.Serialize(errorResponse)); } } public bool IsReusable { get { return false; } } }