One more possible way to accomplish this:

1. User sends login request to the server (with username and pass)
2. The server authenticates using whatever mechanism. On successful auth, it
generates a "token" or "session id" (not necessarily using HttpSession) and
sends it back to the GWT client (most probably using GWT-RPC mechanism)

3. The UI now has a valid session id. For the next set of application calls
from the UI, it always sends the session id to the server. So, for example,
after login, let's say you want to retrieve a list of model objects; the async
call for that will have a parameter of session id along with other parameters
as required by the call. This session id has to be validated each time before
executing the actual application logic at the server.
On session validation failure for any calls, the UI should be able to handle
the case and "logout" the user if required.
4. To implement a "remember me" scenario, store this session id in the
browser cookie along with some expiration date/time. On a new request from
the browser, read this cookie value and re-validate it at the server.

This session id validation can also be performed by a "filter" on a J2EE
container.


http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ
http://groups.google.com/group/Google-Web-Toolkit/web/security-for-gwt-applications

Both these links have a lot of good info about GWT security and how to
implement them.

Thanks,
Subhro.


On Tue, Dec 21, 2010 at 5:22 PM, Brian Reilly <brian.irei...@gmail.com> wrote:

> When the user logs in, store something in the HttpSession. Then, when
> the next page loads and your entry point is invoked, make a GWT-RPC
> call to check the session to see if the user is logged in and who they
> are. You can access the session from a GWT-RPC service implementation
> (subclass of AbstractRemoteServiceServlet) using:
>
>    getThreadLocalRequest().getSession()
>
> You can store the user's preferred language in the session, too.
>
> As for tutorials, I don't have any in mind, but I'm sure you could
> find some examples by searching for "GWT getThreadLocalRequest".
>
> -Brian
>
> On Mon, Dec 20, 2010 at 11:31 AM, Davor Peric <davor.peric1...@gmail.com>
> wrote:
> > I'm new to gwt, and I need to handle sessions in the gwt multipage
> > application I've built. I need to enable that the users stay logged in
> > and the page language stays the same by navigating between pages. I've
> > searched but couldn't find a good tutorial. Can someone give me some
> > advice or a link to a good tutorial?
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> > To post to this group, send email to google-web-toolkit@googlegroups.com
> .
> > To unsubscribe from this group, send email to
> google-web-toolkit+unsubscr...@googlegroups.com<google-web-toolkit%2bunsubscr...@googlegroups.com>
> .
> > For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
> >
> >
>
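The token flow from steps 2 to 4 of the reply above, as an added Java example that is not part of the original thread and not GWT's own code. `SessionTokenStore` and its method names are hypothetical, and it assumes an in-memory store on a single server; it shows an unguessable token from `SecureRandom` and an expiry enforced at the server rather than by the cookie's date.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical server-side token store; the names are illustrative, not GWT API. */
public class SessionTokenStore {
    private static final class Entry {
        final String username;
        final Instant expiresAt;
        Entry(String u, Instant exp) { username = u; expiresAt = exp; }
    }

    private final SecureRandom random = new SecureRandom();
    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();

    /** Step 2: call only after the credentials have been verified. */
    public String issue(String username, Duration lifetime, Instant now) {
        byte[] raw = new byte[32];                  // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Entry(username, now.plus(lifetime)));
        return token;
    }

    /** Step 3: run before every application call, e.g. from a servlet filter. */
    public Optional<String> validate(String token, Instant now) {
        Entry e = (token == null) ? null : sessions.get(token);
        if (e == null) return Optional.empty();     // unknown, forged or logged out
        if (!now.isBefore(e.expiresAt)) {           // the server decides expiry, not the cookie
            sessions.remove(token);
            return Optional.empty();
        }
        return Optional.of(e.username);
    }

    /** Logout: the token stops working even if the browser still holds it. */
    public void invalidate(String token) { if (token != null) sessions.remove(token); }

    public static void main(String[] args) {
        SessionTokenStore store = new SessionTokenStore();
        Instant t0 = Instant.parse("2010-12-21T17:00:00Z");   // constructed sample time
        String token = store.issue("alice", Duration.ofMinutes(30), t0);
        System.out.println(store.validate(token, t0.plusSeconds(60)));
        System.out.println(store.validate(token, t0.plusSeconds(3600)));
        System.out.println(store.validate("forged-value", t0));
    }
}
```

A servlet filter or each GWT-RPC method would call `validate` before running application logic and treat an empty result as a logged-out user.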