Hi all, I discovered a problem during coding Google WebToolkit together with appengine and according to my interpretation of my tests it's the appengine part of it, which causes the problem. or the development server of it. I tried to follow the article http://code.google.com/intl/de-DE/webtoolkit/articles/security_for_gwt_applications.html and implement a server cookie to compare it with the its content sent via RPC. To get access to the cookies I overlayed the service method.
protected void service(HttpServletRequest hreq, HttpServletResponse hres) throws IOException, ServletException { req = hreq; Cookie[] cookies = req.getCookies(); if (cookies != null) { for (int i = 0; i < cookies.length; i++) { if (cookies[i] != null && "MYCOOKIEID".equals(cookies[i].getName())) { sessionClient = cookies[i].getValue(); } } } super.service(hreq, hres); if (sessionServer != null) { Cookie cookie = new Cookie("MYCOOKIEID", "" + sessionServer); cookie.setComment("Session-Cookie for myapp.example.com"); // cookie.setPath("/"); cookie.setMaxAge(-1); hres.addCookie(cookie); } } This is working as long as I don't try to use the login capability as described in http://code.google.com/intl/de-DE/webtoolkit/doc/latest/tutorial/appengine.html#user Once logged in there is a cookie named "dev_appserver_login", my cookie, which was working without login, seems to vanish on the server side of the development server. -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.