Did you try to make cyclic call to the server to preserve the session ? with a Gwt Timer for example .
regards. 2008/11/3 Jason <[EMAIL PROTECTED]> > > I have a question about the "XSRF" protection. I've implemented this > by using a requestFilter which filters for the "nocache.js" file and > sets a "sid" cookie with the session id as the value. Then for each > RPC call I send the value of the "sid" cookie as a get parameter. > When the session is active this works great. The issue I have is when > the session expires, or invalid for some reason. Currently this is > reporting a false "XSRF" attack since the sid no longer matches the > session id on the server. > > If the sid is based off the session Id (or anything that changes over > time), how might it get updated when the session id gets invalidated? > > > > -- Eric Ponthiaux Consultant technique +33.687030001 [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
