Sessions and authenticated user status can time out. For example, if a user kept their browser open for days, let's say, and then does something on the page, they may no longer have a valid session.

On Fri, Jul 30, 2010 at 4:47 PM, Onestone <[email protected]> wrote:
> Why not simply initialize a JS variable in the page HTML for logged-in
> users, and then simply checking for it? There's no security
> vulnerability in doing that, as any part of the client-side code can
> be manipulated anyway.
>
> On Jul 30, 10:13 pm, Jeff Schwartz <[email protected]> wrote:
> > I think that for security reasons the headers aren't readily accessible. If
> > they were you can imagine the hacks the malcontents would be making using
> > them.
> >
> > The idea of using a light weight ajax call is perfect for this. The call
> > back on the client would only need to receive a boolean yes/no wrapped in a
> > json object to resolve the question. That's rather a secure mechanism in my
> > opinion. On the server, a user object could be stored in session state to
> > indicate he/she is logged in. So the processing on the server is minimal. In
> > fact, I use this same technique in all my applications including those for
> > other platforms.
> >
> > Other than those that are forced upon me - such as session id - I avoid
> > using cookies.
> >
> > Just my $0.02.
> >
> > 2010/7/30 Jaroslav Záruba <[email protected]>
> >
> > > ...which leads me again to wishing for http-headers being accessible in JS.
> > > :(
> >
> > > 2010/7/30 Jaroslav Záruba <[email protected]>
> >
> > > > On Fri, Jul 30, 2010 at 8:44 PM, Ikai L (Google) <[email protected]> wrote:
> >
> > >>> The "correct" way is to make a request back to your application in
> > >>> Javascript. You can do cookie hacks, but these have a tendency to be brittle
> > >>> and hard to manage.
> >
> > >> My understanding is that the original poster wants to have that
> > >> information at hand *without* any further trips to server, and (most
> > >> importantly) only as kind of hint. Obviously I don't use that cookie as
> > >> authorization or password. :)
> >
> > >>> On Fri, Jul 30, 2010 at 11:18 AM, Jaroslav Záruba <[email protected]> wrote:
> >
> > >>>> I'm keeping a cookie for that.
> >
> > >>>> On Fri, Jul 30, 2010 at 8:13 PM, Saqib Ali <[email protected]> wrote:
> >
> > >>>>> How do I check if the user is currently logged in using their Google
> > >>>>> Account in Javascript? I can set some hidden field to do that, but is
> > >>>>> there a more elegant way to do this?
> >
> > >>>>> saqib
> >
> > >>> --
> > >>> Ikai Lan
> > >>> Developer Programs Engineer, Google App Engine
> > >>> Blog: http://googleappengine.blogspot.com
> > >>> Twitter: http://twitter.com/app_engine
> > >>> Reddit: http://www.reddit.com/r/appengine
> >
> > --
> > Jeff

--
Jeff

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
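
The status check described in the thread (a boolean wrapped in JSON, backed by a user object in server-side session state) together with the session-timeout case, as an added illustration that is not code from any poster in the thread. The handler names, the in-memory session store and the 30-minute timeout are assumptions; the point shown is that the boolean is only a UI hint and the server re-checks the session on every protected action.

```javascript
// Added illustration. SESSION_TTL_MS, the handler names and the in-memory
// store are assumptions for this sketch, not App Engine APIs.
const SESSION_TTL_MS = 30 * 60 * 1000; // assumed 30-minute idle timeout

// Server side: session id -> { user, lastSeen }. Only server code writes here.
function createSessionStore() {
  return new Map();
}

function login(store, sid, user, now) {
  store.set(sid, { user, lastSeen: now });
}

// Returns the live session or null. Expired entries are removed.
// touch=false lets a status poll look without extending the session.
function liveSession(store, sid, now, touch = true) {
  const s = store.get(sid);
  if (!s) return null;
  if (now - s.lastSeen > SESSION_TTL_MS) {
    store.delete(sid);
    return null;
  }
  if (touch) s.lastSeen = now;
  return s;
}

// Lightweight status endpoint: a boolean wrapped in JSON, nothing else.
function handleStatus(store, sid, now) {
  const loggedIn = liveSession(store, sid, now, false) !== null;
  return { status: 200, body: JSON.stringify({ loggedIn }) };
}

// Protected action: decides from the session alone and ignores any
// "I am logged in" flag the client sends, since the client can set it freely.
function handlePost(store, sid, now, request) {
  const s = liveSession(store, sid, now);
  if (!s) return { status: 401, body: JSON.stringify({ error: "login required" }) };
  return { status: 200, body: JSON.stringify({ postedBy: s.user, text: request.text }) };
}

// Client side: the page may believe it is logged in (JS variable, cookie,
// earlier status reply) but must still handle a 401 from the real action.
function clientSubmit(store, sid, now, text) {
  const res = handlePost(store, sid, now, { text, clientSaysLoggedIn: true });
  return res.status === 401 ? "redirect-to-login" : "ok";
}
```
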
