We're developing a new LS client that would need to handle users signup and login. In the docs there's only one small part describing how to do this when legacy web server is used also (by authenticating on the web server actually).

We need to have a signup form, which when submitted would use LS sendMessage() to create user. We're implementing our own Metadata Adapter in Java (using ARI) and it's quite clear what to do on that side.

The question is how should client (js for now) behave in this scenario. Client should be able to use other services only if he's correctly logged in, which should also happen immediately after a successful signup.

First we'd open a connection to LS without any user/pass, call sendMessage() with submitted user signup details (user & pass at least), and if the server doesn't reply with exception (decided in our MetadataAdapter based on validity of signup details) client considers this as successful signup. Then what? Should client close this connection just to open new one with the newly approved user & pass? Is there a way to login using the currently open connection that was used for signup anyway?

It seems pretty straightforward to set user & pass on connectionDetails, and it works just fine, but we're worried about constantly keeping the password available in the client upon setting it. Is there a better way of doing this, i.e. submitting password only once and forgetting it?

There is one confusing sentence in the docs of connectionDetails property of LightstreamerClient: "Properties of this bean can be overwritten by values received from a Lightstreamer Server". Does this mean that server can override some of these properties automatically, without client actually calling setUser(), setPassword(), etc.? If so, how can this be done?