Hi Leung, if you're realizing the "log in" and "log out" functionality within your GWT app and not with another mechanism (e.g. container-based authentication), you just need to make sure that the log-in RPC call to the server returns a unique sessionID to your client. For the generation of the sessionID on the server you can use the UUID class and then just send uuid.toString() to the client. This token/sessionId needs to be sent to the server with each RPC call to ensure the server-side check if the session is valid, so you also need to store it in your client app, as long as the user is signed in. On the server side you just need to keep track of all currently valid sessionIds.
HTH,
Lukasz

On Apr 12, 12:30 pm, Leung <[email protected]> wrote:
> Hi
>
> According to article
> LoginSecurityFAQ, http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecur...,
> I have a point that I really want someone to make it clear for me.
>
> From the article,
> "Your server will then validate this login, and return a sessionID to your
> GWT app. The GWT app will store this sessionID in a static field. For every
> further request your GWT app makes to your server, include this sessionID in
> the payload of the request. (Either in the JSON data or the object you are
> transferring using GWT-RPC)."
>
> I assume the server returns the sessionId by RPC to the client after
> validation.
> How can I "include this sessionID in the payload of the request" using
> GWT-RPC?
> How can I tell the sessionID is in the payload of the request or not in the
> payload?
>
> Thanks
> Ming
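
The scheme discussed in this thread, as an added example that is not part of the original posts or of GWT's own code: the server issues a UUID-based sessionID at log-in, every later call carries it as an ordinary method argument (that is, in the request payload), and the server checks it against its record of valid IDs. It is plain Java with no GWT dependency; the class and method names, the sample account and the 30-minute idle timeout are assumptions, and in a GWT app these static methods would be the RPC methods of the remote service.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Added example in plain Java (no GWT dependency); all names are hypothetical.
public class SessionDemo {
    static final Duration IDLE_TIMEOUT = Duration.ofMinutes(30); // assumed policy

    static final class Session {
        final String user;
        volatile Instant lastSeen = Instant.now();
        Session(String user) { this.user = user; }
    }
    // The server's record of currently valid session IDs.
    static final Map<String, Session> SESSIONS = new ConcurrentHashMap<>();

    // Log-in call: check credentials, then return a fresh random ID to the client.
    static String login(String user, String password) {
        if (!checkPassword(user, password)) throw new SecurityException("bad credentials");
        String sessionId = UUID.randomUUID().toString(); // randomUUID() uses a strong PRNG
        SESSIONS.put(sessionId, new Session(user));
        return sessionId;
    }
    // Every other call takes the ID as an ordinary argument, so it travels in the payload.
    static String getProfile(String sessionId) { return "profile of " + requireSession(sessionId).user; }

    static void logout(String sessionId) { if (sessionId != null) SESSIONS.remove(sessionId); }

    // Central check: missing, unknown, logged-out or idle-expired IDs are rejected.
    static Session requireSession(String sessionId) {
        Session s = (sessionId == null) ? null : SESSIONS.get(sessionId);
        if (s == null) throw new SecurityException("invalid session");
        if (s.lastSeen.plus(IDLE_TIMEOUT).isBefore(Instant.now())) {
            SESSIONS.remove(sessionId);
            throw new SecurityException("expired session");
        }
        s.lastSeen = Instant.now();
        return s;
    }
    // Stand-in for a real credential check (constructed sample account).
    static boolean checkPassword(String u, String p) { return "alice".equals(u) && "example-password".equals(p); }

    public static void main(String[] args) {
        String id = login("alice", "example-password");
        System.out.println(getProfile(id));   // accepted: ID is in the server's map
        logout(id);
        try { getProfile(id); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Routing every service method through one `requireSession` check keeps a new method from silently skipping validation, and removing the ID on logout or idle expiry means a captured ID stops working once the session ends.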
