Approach to avoid sharing sessionId?

In Colyseus examples called "02-state-handler", in the related html file (02-state-handler.html) I read the code:
room.state.players.onAdd = function (player, sessionId) {...}
Well as every player has access to others' session id, cheating is possible (in this example, with movePlayer finding player by session id to update state). What is best approach in Colyseus way to avoid this type of cheating if a player sends a request using another players session id please?

Hi @newbee, the possibility of cheating is going to depend on how the server receives and interprets the messages sent by the clients. You'd never act on behalf of "player 2" if "player 1" sent a message, for example. The sessionId's are meant to be shared so the client-side can know the identifier of each client and create the visual representation for them.

Thank you!