Want to make a Multiplayer game on web browser and have some questions


I’m not a developer myself and I’m a entrepreneur, I want to create a multiplayer game and I want to gather up a developer team and buy licenses for our team but first we have to decide which game engine we use because I was thinking about Unity Tiny Project as well too but seems like they don’t support multiplayer yet because it’s in Beta yet probably.

Our project is gonna be an only multiplayer - web browser gambling game which players should be able to play on browsers on their PC - Phones - Consoles - Apple TV - …

I have some questions about this game engine:

  1. Can we detect and use Xbox and Playstation controller if it’s connected to iPhones / iPads and Android phones and Apple TV via Bluetooth in PlayCanvas?

  2. While it’s a gambling project and it’s about people’s real money it’s really important that players shouldn’t be able to cheat on our games using any tools such as CheatEngine, for example we don’t want them to be able to do the speedhack using a tool like CheatEngine to make the game faster.

  3. I’ve read a topic here about prevent cheating on PlayCanvas and someone said you can run your game server using Unity C# and make the game using PlayCanvas so user should play / render in PlayCanvas and it will send the information to our Linux Unity Game Server which is better than JS game servers? is it possible to use 2 engines one for developing game and one for Game Server?

1 Like

Hi @MoeinZavar and welcome,

Yes, that is definitely possible, if the browser the app is running on supports the Gamepad API it will work with no issue. Here are some examples in PlayCanvas:

  1. That can be mitigated by running a full authoritative server. That isn’t specific to PlayCanvas, even Unity/Unreal native games can be hacked relatively easily, so by deploying a server that validates each and every user action is the base of getting this working. This is a long process, even big networked games suffer from cheaters and takes commitment to properly counteract each attempt on cheating.

  2. As I said on 2. you will have to run a backend server, the technology/language used is up to your choice since it isn’t tight to PlayCanvas. Many developers choose Node.js or similar Javascript based tech stacks since it makes it easy to share code from the client to the server side. You can even run part of the PlayCanvas engine in your Node.js server if your requires so (e.g. physics).

Here is a server library and service provider that is game oriented: https://heroiclabs.com/


Looking at games like CS:GO, they still have issues with client side cheating such as wall hacking. Some of this can be mitigated using client side code obfuscation. It’s not perfect as network traffic can still be sniffed as well as other vectors of attack.

Photon could also be used for some of your backend infrastructure and technology for real-time multiplayer.

Edit: as this is going to be skill based gambling, you may want to check with the association if there any extra regulations you will have to abide by that could affect your technology decision. For example you may need to self host and have access to the source code.


Thanks for great information :sunflower:

I have an idea can you tell me if it works for preventing cheating because you know game developing more than me for sure, game should render and play on frontend so user can do some changes in the codes on their browser and cheat, can we check if the running game codes are equal to the original codes that we have written on our server and if wasn’t we kick the player from the game automatically?

That’s available for us to self host and access the source code with buying license right?

Depends on the backend technology you choose. For PlayCanvas, that’s not a problem. The engine is open source.

I’m not sure that is possible as the end user can run code on top of the existing game code.

Even if it was possible, all the user would have to do is intercept the packet on the way back to the server and replace with the ‘good’ copy of the code.

TLDR, never trust the client.


Here’s a GDC talk on how valve are tackling client side cheating in CSGO https://youtu.be/ObhK8lUfIlc

1 Like

Awesome so we can do the code processing stuff in our end in a private server that users don’t know about and in the user browser we only get input and render for the user, for example when player press W button it sends that command to our server that no one has access to and it process what to do on that server then it sends back a command to user’s browser that says what to render and show right? it means we can separate the PlayCanvas engine process and render sections in 2 different servers.

Without out going too much into the technical detail, yes.

Usually what happens is that the client would take the input, simulate locally (so there’s no input latency), sends the input and some game data to the server. The server simulates and validates the simulation and sends back corrected (if need be) data back to the clients.

Another good presentation of this is if from Netherrealm Games showing rollback https://www.youtube.com/watch?v=7jb0FOcImdg

Depending on your game, there’s potentially going to be a lots of challenges that your team will need to take on to be completely fair.

Lots of skill based gambling sites bypass this by taking turns and not be in real-time as this gives a chance for the server to completely validate the game based on the initial state and inputs.