Take the simplest single chat (for example, between WeChat friends): when user A sends a message to his friend, user B, that is, when A publishes a message to the A-B session, the server side should verify the identity of the sender A through the identity authentication service logic and judge whether A has the right to send the message to B (the right to publish in the A-B session). If the verification passes, the server forwards the message to the other party, B, who subscribes to the session. How, then, is the identity authentication of the message sender A implemented in between? Is a signature field added to the message?
For instant messaging, authentication is generally performed when the communication connection is established, and from then on the connection and its corresponding user are trusted as authentic. Because instant messaging programs generally use long-lived connections, it is not necessary to authenticate every message as with a stateless protocol such as HTTP. Of course, to prevent man-in-the-middle attacks through forged connections, it is better to use an encrypted protocol for data transmission on the connection.
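
The connection-bound model described in the answer, as an added example that is not part of the original post: the server verifies a login token once at the handshake, pins the user to the connection, and on every publish takes the sender from the connection (ignoring any `from` field in the message) before checking session membership. The HMAC token format, `SERVER_KEY`, `SESSIONS` and all class names are assumptions made for the sketch; token expiry and transport encryption are out of its scope.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"      # assumption: secret held by the auth service
SESSIONS = {"A-B": {"A", "B"}}            # constructed session membership table


def issue_token(user: str) -> str:
    """Login token: user id plus an HMAC tag only the server can produce."""
    tag = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"


class Connection:
    """One long-lived connection; identity is fixed once, at the handshake."""

    def __init__(self) -> None:
        self.user = None
        self.inbox = []

    def authenticate(self, token: str) -> bool:
        user, _, tag = token.partition(".")
        expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
        if user and hmac.compare_digest(tag.encode(), expected.encode()):
            self.user = user
            return True
        return False


class Server:
    def __init__(self) -> None:
        self.online = {}                  # user -> authenticated Connection

    def connect(self, conn: Connection, token: str) -> bool:
        if not conn.authenticate(token):
            return False
        self.online[conn.user] = conn
        return True

    def publish(self, conn: Connection, session: str, msg: dict) -> bool:
        sender = conn.user                # never trust a client-supplied msg["from"]
        members = SESSIONS.get(session, set())
        if sender is None or sender not in members:
            return False                  # unauthenticated, or no right in this session
        out = {"from": sender, "session": session, "text": msg.get("text", "")}
        for peer in members - {sender}:
            if peer in self.online:
                self.online[peer].inbox.append(out)
        return True
```

Because the sender is derived from the authenticated connection, a per-message signature field is not needed to answer "who sent this" to the server; it only becomes relevant if recipients must verify the sender independently of the server.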