isn't this very insecure (passing the sessionId via URL)? AFAIK: the URL is always readable (even if you use SSL) and thus it would be very easy to intrude the users session
On Nov 29, 3:52 am, Joe Cole <[EMAIL PROTECTED]> wrote: > You could just change the request urls: > > target.setServiceEntryPoint(GWT.getModuleBaseURL() + "/" + service > +";sessionid="+sessionId); > > I haven't tried it, but assume it would work. You would have to pull > out the appropriate information on the server side. > Joe > > On Nov 28, 5:35 am, seb2nim <[EMAIL PROTECTED]> wrote: > > > Hi everyone. > > > I was playing with cookie and session and i found i cant open two > > different tabs on firefox with twice the same app... so i think i'm > > doing something wrong : I was thinking there would be two different > > httpSessions but apparently not. > > > the problem is i actually keep some user information in httpsession... > > So two apps shares the same information wich is, really bad. > > > I decided to generate a unique 'application level session id' at login > > so that i can manage multiple in one httpsession. > > > Drawback is that once passed to client-side code, i need to pass it on > > every rpc call... and i'm a lazy guy... I dont want to refactor each > > method signature... > > > As RPC mecanism is now improved in GWT1.5 : > > "The first is that asynchronous interface methods can now return the > > underlying HTTP request object (http.client.Request) so you can access > > and tweak it as necessary for your application needs before sending it > > off through RPC. Asynchronous interface methods can now also return > > void or http.client.RequestBuilder objects." > > > I think i can tweak my calls to append the appSessId in header or > > something like that. Did anyone already do this? > > > Thanks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
