The Cookie has no special meaning to the server and will simply be echoed to the client in the response. The client can use multiple types of CD-keys in the same packet. The number of CD Keys to encrypt should be between 1 and 32.

The flags may be zero, or any bitwise combination of the defined flags.
Currently, the following flags are defined:

0x01: CDKEY_SAME_SESSION_KEY
0x02: CDKEY_GIVEN_SESSION_KEY
0x04: CDKEY_MULTI_SERVER_SESSION_KEYS
0x08: CDKEY_OLD_STYLE_RESPONSES

View consts: [pas cpp vb]

CDKEY_SAME_SESSION_KEY (0x01):
This flag specifies that all the returned CD-keys will use the same client session key. When used in combination with CDKEY_GIVEN_SESSION_KEY (0x02), a single client session key is specified immediately after the server session key(s). When used without CDKEY_GIVEN_SESSION_KEY (0x02), a client session key is not sent in the request, and the server will create one.
When not used, each CD-key gets its own client session key. This flag has no effect if the amount of CD-keys to encrypt is 1.

CDKEY_GIVEN_SESSION_KEY (0x02):
This flag specifies that the client session keys to be used are specified in the request. When used in combination with CDKEY_SAME_SESSION_KEY (0x01), a single client session key is specified immediately after the server session key(s). When used without CDKEY_SAME_SESSION_KEY (0x01), an array of client session keys (as many as the amount of CD-keys) is specified. When not used, client session keys are not included in the request.

CDKEY_MULTI_SERVER_SESSION_KEYS (0x04):
This flag specifies that each CD-key has its own server session key. When specified, an array of server session keys (as many as the amount of CD-keys) is specified. When not specified, a single server session key is specified.
This flag has no effect if the amount of CD-keys to encrypt is 1.

CDKEY_OLD_STYLE_RESPONSES (0x08):
Specifies that the response to this packet is a number of BNLS_CDKEY (0x01) responses, instead of a BNLS_CDKEY_EX (0x0c) response. The responses are guaranteed to be in the order of the CD-keys' appearance in the request. Note that when this flag is specified, the Cookie cannot be echoed. (It must still be included in the request.)

Note: When using Lord of Destruction, two CD-keys are encrypted, and they must share the same client session key. There are several ways to do this. One way is to provide both CD-keys in this packet, using the flag CDKEY_SAME_SESSION_KEY (0x01). Another way is to use BNLS_CDKEY (0x01) to encrypt the first CD-key, then use this packet with the flag CDKEY_GIVEN_SESSION_KEY (0x02) to encrypt the second CD-key with the same client session key.