OK... back to the topic:
I did some ethernet sniffing (with wireshark).
Indeed the CB player sends this new line (flashvar "auth"):
Code:
{"username":"myname","org":"ATL","expire":1496354230,"sig":"xxxxxx","room":"model_name"}
"sig" looks like this: 1d58fe0742f9687962d8b3f4819ae453e592117aa7e52edc2a c1f295182d6ca2
so this i a 32byte key.
Just copying it from a running CB session does not work. I think that as long as we don't know the meaning of this "sig" we are out of luck.