Hi Dane, you are right, this has been solved before :) For example you can transfer your sessionId in your RPC payload and then correctly pair request with session on the server side. This approach was implemented in acris framework and described in the security chapter here: http://code.google.com/p/acris/wiki/Security
Only problem is with the App Engine, because acris-security is not currently deployable on App engine but anyway, you can inspire by the solution or extend it to be deployable on app engine. Help is very appreciated. Peter On 24. Júl, 07:58 h., "dane.molotok" <dane.molo...@gmail.com> wrote: > I'm stuck on how to implement the server-side code for my app. At app > startup I want to authenticate the user, leave the credentials on the > server side and use the session ID for the client to make future calls > that need to be authenticated, in lieu of sending the user credentials > over the wire for every call. I believe to use that session ID from > the client for future calls I will have a problem if my server is > distributed. So if my first call to authenticate goes to one JVM, and > the second call gets redirected by a load balancer to a second JVM, > that second JVM won't recognize that session ID. I would assume this > problem has to have been solved before, for example the Google App > Engine mentions in its documentation that you're not guaranteed to get > the same app server serving your request from one request to the next. > Thanks in advance. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-tool...@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
