I am also looking for some recommendation for this. I have read this link http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ and also wanted to implement the security with RequestFactory. But as the article suggests, the session id should be sent on the payload of the request instead of the cookie approach.
The following questions come to my mind 1. Do we need to send the session id on each method on the RequestContext? If so how do we validate this on the Server side? 2. Does servlet filter help in validating the session before every request? I am not really sure how to get the RequestContext session id parameter from the servlet filter . Is it even right thinking? -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
