There are no restrictions on session IDs in Kallichore; you can make one that's zero length or has unprintable or unusual Unicode characters. This can make it difficult to invoke API methods on those sessions since the session ID is read from the URL.
There are a few ways to address this; the simplest is probably to require session IDs to use characters from a limited URL-safe set, have a min and max length, etc.
There are no restrictions on session IDs in Kallichore; you can make one that's zero length or has unprintable or unusual Unicode characters. This can make it difficult to invoke API methods on those sessions since the session ID is read from the URL.
There are a few ways to address this; the simplest is probably to require session IDs to use characters from a limited URL-safe set, have a min and max length, etc.