You are not wasting time - it's an important clarification. To my knowledge the logical steps are:
1. User want's to log into your application 2. You pass him to Google 3. He logs in with his Google account 4. Google returns a token with is stored as cookie 5. As long as this token exists the user module (don't know the Java name) treats the visitor as authenticiated. 5. It's your task to delete this token on user logout. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---