Caller → Router: Session Access Control
Maintainer requirement: “Only the owner of session can be allowed to call the backend sandbox.” This demo shows how Router blocks session hijacking by validating session ownership before forwarding.
Session Ownership Check
Result
Click “Check Access” to run the ownership check.
How it maps to AgentCube
- Router stores session metadata:
session_id,owner_user_id,namespace,created_at - On every sandbox invocation, Router checks:
session.owner_user_id == authenticated_user_id - Mismatch ⇒ deny (prevents session hijacking)