Version Checking
Every packet sent by the RoExpress client includes a version token. The server validates the token before any handler or middleware runs. A mismatch results in a silent drop — the packet is discarded immediately.
How it works
The version token is derived from the RoExpress build embedded in your game. When your client and server are on the same version the token matches and the request proceeds normally. When they differ — for example because a player is running a stale or spoofed client — the token check fails.
| Outcome | Behaviour |
|---|---|
| Token matches | Request proceeds through the pipeline normally. |
| Token mismatch | Silent drop. No handler is called. No strike is issued. No response is sent to the client. |
| Token absent | Treated as a mismatch — silent drop. |
Why silent drop?
A version mismatch most commonly means the player is running an outdated client mid-update, not that they are acting maliciously. Issuing a strike or kicking in this case would penalise legitimate players caught in a deployment. The silent drop lets the client retry or reconnect without punishment.
An attacker spoofing the version token to bypass detection would still fail the match and have their packets silently ignored, with no information returned that could help them calibrate a spoof.
See also
← Tamper · Configuration | strike threshold and autokick · Strikes | manual and passive strike issuance · Request Pipeline | where version check fits in the pipeline