Right, a client side timer is a nice user convenience, but don't make
the mistake of depending on the client side code to perform the
logout, you will always need a server side solution as well.
The client must always be considered un-trustworthy and unreliable. So
depending solely upon the client to log out will undoubtably leave you
with random logged in clients even past their timeout
The causes could be as simple as a browser crash or network
disconnect, or as nefarious as a rogue client.
-jason
On Apr 16, 2009, at 9:53 AM, Vitali Lovich wrote:
>
> I used both.
>
> It depends what kind of behaviour you want. Here's what I have in the
> class that implements the onModuleLoad:
>
> @Override
> public void onPreviewNativeEvent (NativePreviewEvent preview)
> {
> if (closingRegistration == null)
> // not logged in yet
> return;
>
> switch (preview.getTypeInt())
> {
> case Event.KEYEVENTS:
> case Event.MOUSEEVENTS:
> case Event.ONCLICK:
> case Event.ONDBLCLICK:
> case Event.ONMOUSEWHEEL:
> logoutWarn.schedule(LoginModel.SESSION_TIMEOUT -
> LoginModel.SESSION_WARN_TIMEOUT / LOGOUT_SPEED);
>
> Controller.viewUpdated(Application.View.USER_ACTION, null);
> break;
> }
> }
>
> logoutWarn is just a Timer object that (the arithmetic there is just
> for some animation stuff that warns the user there's a logout
> approaching due to inactivity). Controller.viewUpdated simply sends
> an RPC to the server telling it that there was a user action (i.e.
> refresh the session on the server side). This isn't a direct RPC call
> though. It keeps postponing the RPC call (which is done within a
> timer) until a threshold is reached.
>
> On the server side, I persist sessions in the database. Every RPC
> call refreshes the session in the database. If a session is not
> valid, that'll throw an specific exception - all RPC callbacks are
> actually wrapped in a central callback that handles server errors
> (i.e. if the server responds with not authenticated, it'll force a
> logout of the UI).
>
> Also, when the UI logs out due to inactivity, it sends an RPC call to
> the server telling it the session has been invalidated (not strictly
> necessary, but just a security thing) & removes any session related
> cookies.
>
> Hope this helps.
>
> On Thu, Apr 16, 2009 at 11:32 AM, Jason Essington
> <jason.essing...@gmail.com> wrote:
>>
>> You'd probably want to control that on the server side, so a session
>> timeout would be the simplest method.
>>
>> -jason
>>
>> On Apr 16, 2009, at 8:23 AM, Mark wrote:
>>
>>>
>>> HI all.
>>>
>>> I am new to GWT.
>>>
>>> I want to implement an auto logout feature for my application.
>>>
>>> Any ideas will be most welcome as I am bleak.
>>>
>>> Mark
>>>
>>>>
>>
>>
>>>
>
> >
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to Google-Web-Toolkit@googlegroups.com
To unsubscribe from this group, send email to
google-web-toolkit+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/Google-Web-Toolkit?hl=en
-~----------~----~----~----~------~----~------~--~---
