FYI, I just setup a GWT webapp running on *Spring Security*. *Spring Security *covers much of the above and more:
- Session Fixation prevention - Easy to enforce HTTPS channel filters to force parts of site to run on SSL - Facilities to persist (totally random) remember me tokens to database so they cannot be hacked/spoofed - Easy to implement custom hashing/salting classes - Request caching to auto-relogin and execute original request - Easy clearing of all session/cookie information on logout/expiration - Invalid session detection/handlers It's fun to role all of your own security, and I've done it, but just implementing a few interfaces and changing some XML is far easier and I trust Spring more than I do myself to reinvent the wheel. P.S. If you want autocomplete on login fields, you'll need to hide input fields in the html page and then pull those values to complete your GWT login form. It's been my experience that the browser only autocompletes saved passwords at page load, but does not complete form elements later inserted into the page. Sincerely, Joseph -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/b73mv2JPWJcJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
