Hi Nacho,

On Wed, Feb 2, 2011 at 3:55 PM, nacho <[email protected]> wrote:

> Jeff, I think I have to explain myself better.
>
> If you check against the UserService if the user is logged in (
> http://code.google.com/appengine/docs/java/javadoc/com/google/appengine/api/users/UserService.html#isUserLoggedIn%28%29)
> here you will have the trouble that I told you about: when the user logs out
> from another Google service, they will be logged out from your application too.
>
> On the other hand, you can store your own session variable after the user
> logs in with the UserService, and in this case you wouldn't need to take care
> about what I said.
>
> But in this case what can happen is that a Google user logs in to your app
> with a Google Account ([email protected]) and then logs out from Gmail and logs in
> to Gmail with another account ([email protected]). The logged-in Google user will be
> [email protected] but you will still be working with [email protected]
>
> If you don't care about this, store your own session variable after the
> user logs in and voilà.
>

See my last reply to David. Yes, that is exactly what I am doing. When the
user first visits my application I authenticate them against Google Accounts
and if the user is logged in I then grab their Google Account ID and use
that to look up the user in my application's User table on the Datastore
which is keyed on their Google Account ID. If they have a User record they
are then authenticated as far as my application is concerned and so I then
get their session Id and return that to the client who will store their
session ID in a cookie. From then on I only need the session id to
authenticate them on the server by comparing the session id provided in my
rpc payload to the servlet's current session id; if they are the same the
user is authenticated and if they aren't then I will fall back to
authenticating them against Google Accounts, starting the whole process over
again of returning the most recent session id back to the client if they are
logged into Google Accounts and their Google Account Id matches a User key
in the datastore.

So I never need to concern myself with the user having logged out of their
Google Account once I have been able to successfully authenticate them. Once
I have successfully authenticated the user their session id is then
used until it is no longer valid.

>  --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
>



-- 
*Jeff Schwartz*
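
The flow discussed in this message, sketched as an added example that is not part of the original post or anyone's actual code: the session id is checked first, with a fallback to Google Accounts and the datastore `User` lookup. The class name, the `googleAccountId` attribute, and the optional account-switch check are assumptions; servlet sessions must be enabled for the application in `appengine-web.xml`.

```java
import com.google.appengine.api.datastore.DatastoreServiceFactory;
import com.google.appengine.api.datastore.EntityNotFoundException;
import com.google.appengine.api.datastore.KeyFactory;
import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/** Hypothetical helper: session-first authentication with a Google Accounts fallback. */
public final class SessionAuth {
    private static final String ACCOUNT_ATTR = "googleAccountId"; // assumed attribute name

    /** Returns the session id the client should store, or null if not authenticated. */
    public static String authenticate(HttpServletRequest req, String payloadSessionId) {
        HttpSession session = req.getSession(false);
        UserService users = UserServiceFactory.getUserService();
        // Fast path: the id in the RPC payload matches the servlet's current session.
        if (session != null && session.getAttribute(ACCOUNT_ATTR) != null
                && sameId(session.getId(), payloadSessionId)) {
            // Optional stricter check for the account-switch case raised in the thread:
            // if a different Google account is now signed in, drop the stale session.
            boolean switched = users.isUserLoggedIn()
                    && !users.getCurrentUser().getUserId().equals(session.getAttribute(ACCOUNT_ATTR));
            if (!switched) {
                return session.getId();
            }
            session.invalidate();
        }
        // Fallback: authenticate against Google Accounts, then the application's User kind.
        if (!users.isUserLoggedIn()) {
            return null;
        }
        String accountId = users.getCurrentUser().getUserId();
        try {
            DatastoreServiceFactory.getDatastoreService().get(KeyFactory.createKey("User", accountId));
        } catch (EntityNotFoundException e) {
            return null; // signed in to Google, but not a user of this application
        }
        HttpSession fresh = req.getSession(true);
        fresh.setAttribute(ACCOUNT_ATTR, accountId); // bind the session to one account
        return fresh.getId();
    }

    /** Constant-time comparison so the check does not reveal how many characters matched. */
    private static boolean sameId(String expected, String supplied) {
        return supplied != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }
}
```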
