On Saturday, March 2, 2013 7:57:49 PM UTC+1, Thomas Broyer wrote: > > > > On Saturday, March 2, 2013 5:27:12 AM UTC+1, a.toled...@gmail.com wrote: >> >> Hello group, >> >> I have a question regarding this tutorial. >> >> At the end it is illustrated how the servlet/jsp can create a java script >> variable that contains the email address of the user. This is done in order >> to save a GWT RPC call that would ask for this value from the browser side >> to the server when the page loads. I understand the rationale behind this >> but I wonder if passing the data by a cookie won't be as efficient as the >> javascript variable but additionally more secured. >> > > Why would it be more secure? I'd even say it'd be *less* secure: the > cookie will be sent back to the server with every subsequent request! > BTW, emitting user info into the HTML page is what Google does (for Groups > –which is made with GWT–, but also Reader, GMail or Plus, which are made > with the Closure tools) > Maybe I'm wrong. What I had in mind is data like an XSRF protection token that the server generates and needs to pass to the client in order for the latter to send it in every RPC request. If I put it in the HTML page I thought it will make the token more accessible to anyone who wants to find it. But actually the cookies are also accessible. I don't know if using SSL would make any difference between these two ways of passing server data (in both the data (html/cookies) is encrypted on the server side and decrypted on the client side).
-- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
