Nah... I need sessions to expire like normal so that those resources can be released as users leave the site.
On Tue, Nov 4, 2008 at 5:14 AM, ponthiaux eric <[EMAIL PROTECTED]>wrote: > Did you try to make cyclic call to the server to preserve the session ? > with a Gwt Timer for example . > > regards. > > 2008/11/3 Jason <[EMAIL PROTECTED]> > >> >> I have a question about the "XSRF" protection. I've implemented this >> by using a requestFilter which filters for the "nocache.js" file and >> sets a "sid" cookie with the session id as the value. Then for each >> RPC call I send the value of the "sid" cookie as a get parameter. >> When the session is active this works great. The issue I have is when >> the session expires, or invalid for some reason. Currently this is >> reporting a false "XSRF" attack since the sid no longer matches the >> session id on the server. >> >> If the sid is based off the session Id (or anything that changes over >> time), how might it get updated when the session id gets invalidated? >> >> >> > > > -- > Eric Ponthiaux > > Consultant technique > > +33.687030001 > > [EMAIL PROTECTED] > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
