Jason, Maybe you could come up with a session-less implementation, so then you wouldn't have to worry about releasing those resources?
Walden On Nov 4, 12:52 pm, "Jason Vincent" <[EMAIL PROTECTED]> wrote: > Nah... I need sessions to expire like normal so that those resources can be > released as users leave the site. > > On Tue, Nov 4, 2008 at 5:14 AM, ponthiaux eric <[EMAIL PROTECTED]>wrote: > > > > > Did you try to make cyclic call to the server to preserve the session ? > > with a Gwt Timer for example . > > > regards. > > > 2008/11/3 Jason <[EMAIL PROTECTED]> > > >> I have a question about the "XSRF" protection. I've implemented this > >> by using a requestFilter which filters for the "nocache.js" file and > >> sets a "sid" cookie with the session id as the value. Then for each > >> RPC call I send the value of the "sid" cookie as a get parameter. > >> When the session is active this works great. The issue I have is when > >> the session expires, or invalid for some reason. Currently this is > >> reporting a false "XSRF" attack since the sid no longer matches the > >> session id on the server. > > >> If the sid is based off the session Id (or anything that changes over > >> time), how might it get updated when the session id gets invalidated? > > > -- > > Eric Ponthiaux > > > Consultant technique > > > +33.687030001 > > > [EMAIL PROTECTED] Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---