Does this mean that "auth token" in the request payload is not of much use? Also, I want to understand when i have the token set in the requestfactory payload, how to retrieve from the payload when a service call is made by requestfactory since i will have to validate the token for every service request.
On Friday, February 25, 2011 3:49:32 PM UTC+2, Thomas Broyer wrote: > > Of course! I didn't mean to imply that you shouldn't secure your app, but > honestly if someone succeeds in hijacking your session, then he could > possibly do it before loading the host page, so that your GWT app will run > with the hijacked session, and the "auth token in the request payload" won't > be of any help. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.