Yes, thank you very much Jose: you are very useful! You perfectly got the point I didn't understand correctly .. ;)
But now I have to think about the solution .. I would propose this one: I have always to rely on the session (and not on the UserService); if there is no session active I propose to the user the OpenID login. When I get the "User" class out of that (userService.getCurrentUser()), I save the "getUserId()" in the session and in the future I can get who is logged in by looking for the userId in the session. Is this a good practice to deal with authentication? Thank you very much again, Michele On Oct 27, 12:14 pm, Jose Montes de Oca <[email protected]> wrote: > Hi Miguel, > > This is an expected behavior. The other way around is also true: if your > user logout of you application, they will still be login onto their OpenID > provider. > > The OpenID Provider (Identity provider) and your application (relying > party) do not know each others, The OpenID provider just tells your > application that the user that is accessing your application is really who > he says it is (Authentication), After that App Engine will manage this user > session, differently from the user session from the Identity provider. That > been said, the user is login to your application and App Engine retains his > identity and any other action on his OpenID provider will not affect the > user session from your app. > > The key point to understand here is that OpenId is just a mechanism to > identify that the person trying to login is actually what he says he is. > Other than that, App Engine provides a Transparent API which let you hold > on to this verification fror the life of the user session on your > application. > > Hope this helps! > > Jose Montes de Oca -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
