The current API design allows for multiple parallel key requests to be in flight. Each call to generateKeyRequest() begins a message exchange resulting ultimately in a keyadded or keyerror event. The first keymessage event may contain a Session ID identifying the session. This session ID is later used to enable correlation between messages conveyed in keymessage and responses added in addKey.
However, the current design does not support correlation between specific generateKeyRequest() calls (and the needkey event that might have triggered it) and subsequent sessions. If a page knows it needs two keys, it can call generateKeyRequest() twice but there is no way to know which keymessage or keyerror results from each call. This might be particularly important for the error case. Modifications to the API such as those described in Object-Oriented API Design (https://www.w3.org/Bugs/Public/show_bug.cgi?id=16613) could address this issue.
Addressed by the object-oriented API (bug 16613). createSession(), which replaces generateKeyRequest(), returns a MediaKeySession object on which all events are fired.