Qingyang, Thanks for the note. Protection against the use of ’stolen’ session ids was added to the code back in April, but at the time I forgot to do so for “SETUP” commands. I’ve just released a new version (2026.07.06) of the code that fixes this. Ross Finlayson Live Networks, Inc. http://www.live555.com/