Well, UserToWorldRequest is just asking if this user is allowed to join that world it is not the hand off using the key and such.
The final send from LS to world is actually the ServerOP_LSClientAuth, which is the actual hand off to world.
Step 3.1 is LS sending ServerOP_UsertoWorldReq and waiting for a ServerOP_UsertoWorldResp (step 3.2) from world.
But, the UserToWorldRequest/Respose pair is not required, if you skip it and just send ServerOP_LSClientAuth (like you are) it still works but you are relying on world to kick people that would normally not be allowed.
|