Also, in the discussion I saw about this, it was said that it was more
secure to send the session ID in the RPC itself instead of getting it
from the header/cookie. Why is this? Does GWT add something extra like
a hash to make sure the RPC hasn't been tampered with?

On Dec 29, 9:24 am, Falcon <msu.fal...@gmail.com> wrote:
> I'm trying to send the session ID with every RPC request my GWT
> application makes and handle our login context. On the server, it
> looks like you can handle that by overriding
> onAfterRequestDeserialized() and onAfterResponseSerialized() (we don't
> need to add any information to the outgoing payload, just destroy the
> login context, so we can do this after serialization).
>
> However, I'm not sure what I need to override on the client since
> RemoteService is just an interface. I know GWT is doing some magic
> with GWT.create(). Ideally, I'd like to extend RemoteService with a
> new class, then extend that new class for all of my RPCs that needed
> to send the session IDs automatically and then put the session ID
> somewhere in the payload before the RPC was serialized to send across
> the wire to the server. This just seems to make more sense to me than
> having the session ID be a part of every single RPC method signature.
>
> Any help would be appreciated! Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.