Currently, the 'security' is all client side an can be easiy circumvented. Anyone can take over a slideshow as presenter by setting isPresenter to true.

The only way to prevent this, is to make sure that all presenter operations need the secret key to complete succesfully. That means the key needs to be checked on the serverside for each operation... Right?

Any ideas how to fix this?