Your GUI needs a check, then. I handle this by having every Place (and even some sub-forms) check for a user on display and display a logged out UI if there is no current valid user.
Of course, I'm using a login dialog instead of a Place, so if someone's session times out they can re-authenticate without losing any data... On Monday, June 6, 2016 at 9:37:01 AM UTC-5, Olar Andrei wrote: > > Velusamy Velu: > > I'm alredy know that link. I implemented my password reset based on your > workflow. > > But there again is the same Problem (for me actually, perhaps due to my > implementation). If a letter is removed from the hashed token standing in > the URL, and then just hit ENTER, the exact page reloads ( with the prompt > for new password and retype new password ). In that case when submitting, > nothing happens, because the token does not match the Token already stored > in the DB, but like I said before, the page reloads, displaying the GUI, > and it shoudn't do that. > > luni, 6 iunie 2016, 14:47:47 UTC+3, Olar Andrei a scris: >> >> Hello, >> >> For now my aplication (MVP) has a login page, and 2 other palces, the >> AdminPlace and the UserPlace. >> My URL looks like this: >> >> http://127.0.0.1:8888/AdministrareBloc.html#AdminPlace:Admin >> >> The login form consists of username and password, where the username is >> passed as a token to the next Place. >> A user can't connect if he does not know the password, but let's say I'm >> logged in like in the link above. If I change the Admin to Admin2 or >> whatever, I still can see the page content. I don't want this. How can I >> avoid this ? >> >> Thanks in advance >> >> -- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
