Thanks for the reply,

1) If I allow the server side to generate a client code which sets the user and the password, I would be exposing the password as plain text in the client HTML page, even if SSL is used. Which is a security issue.

What I tought maybe is the following:
- Apache authenticates user and creates a session cookie maintained by the client browser. Back-end saves the session in the DB and assigns to it the username the client used.
- Client uses the lightsteamer which create a new lightstreamer session, same as Apache. Lightstreamer meta adapter looks up the session from DB and resolves the username.

But it seems the session id create by lightstreamer has nothing to do with the browser HTTP session, right ?

Any other technique that can do a better job ?

2) I am not sure I understand the use of notifyNewTables(). If I want to restrict a user into accessing only his items, I can rely on getItems(), right ?

3) New question: If two lightstreamers must be used for loadbalancing and high availability, do they have to get their stream data independantly or can they share the same source (I assume the source cannot broadcast to two targets and I do not have my own message broker to publish/subscribe). Is this the reason for the remote adapers ? Is this the only way ?

4) New question: is it possible to start lightstreamer server without a network connection ? It seems it always needs it to check the license remotely, but this handicapes me quite often either because I use dialup where I am or because of proxy/firewall blocking your IP...

5) New question: sendMessage() is good to notify MetaAdapter but sometimes we might need to use it in request/reply mode (basically expect answer back). Is this possible somehow ? I thought maybe to get the client to subscribe to a special item identified by a random unique id where the replies would come thru, but this looks as a hack to me.

Regards,
R