Follow-up from PR #631 review (finding #9).
Two pieces of state are stored in two places with the risk of drift:
- bearer token —
gateway.authToken + skitClient.token, with byte-identical helpers gateway.authReq / skitClient.auth.
- maxViewers —
gateway and sessionManager both hold it.
Collapse each to a single source of truth (e.g. token lives only on skitClient; maxViewers only on sessionManager) so they can't diverge. Pure cleanup, no behavior change; deferred from PR #631 to keep that PR's diff focused on the correctness/security fixes.
Follow-up from PR #631 review (finding #9).
Two pieces of state are stored in two places with the risk of drift:
gateway.authToken+skitClient.token, with byte-identical helpersgateway.authReq/skitClient.auth.gatewayandsessionManagerboth hold it.Collapse each to a single source of truth (e.g. token lives only on
skitClient;maxViewersonly onsessionManager) so they can't diverge. Pure cleanup, no behavior change; deferred from PR #631 to keep that PR's diff focused on the correctness/security fixes.