I have a question about cookies and maintaining client-side state, and am looking for suggestions about how to solve (what I perceive to be) an issue (for us).
We allow the user to create a "sticky" login. You know, the one where they tick the checkbox that says something like "Stay logged in?" This of course creates a persistent authentication token (cookie) on the client. Really we only need this cookie on the first "hit" from the client -- we re-authenticate then send back (via RPC) a session identifier that is used in all further conversations with the server.

What we would like to avoid, but seems unavoidable (hence this post), is having the cookie sent with every request to the site. Because the entire site, from the front page all the way back is one entire GWT application, the "path" (in cookie terms) is always the root of our server. Therefore, the cookie gets sent with every RPC to every service. We would like to stuff additional persistent information down to the client for survivability across visits, such as user preferences, but we don't want this stuff blasted back to us with every request.

For the purpose of envisioning our traffic patterns, imagine our site is an online game (it's not, but...) with a single client making one call every second or three and 10k+ simultaneous users. Right now the typical "payload" is only two or three dozen bytes, but the size of the cookie even though small is actually larger. We could cut our traffic in half without the cookie being sent back on every request.

Is there an effective way to break up a single application across a URL space? Maybe via multiple modules? For example, can we serve the 'login' module .js files from <domain>/login and the 'settings' module .js files from <domain>/settings? If so, does that mean that from GWT I can access cookies in the path '/login'? My concern is that because the "page" was served from "<domain>/", even though the script was served from "<domain>/login" that those cookies will not be accessible. As it is, if the server sends back a cookie with a path "/login", they are not accessible to the client.
I was surprised, though maybe shouldn't be, as I expected JavaScript served by a certain domain to be able to access ALL cookies in that domain, regardless of path. That seems not to be the case. Thoughts and suggestions welcome?
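The cookie path-matching rule behind the behaviour described in this post, as an added example that is not part of the original message: it implements the RFC 6265 section 5.1.4 path-match and applies it to a constructed cookie jar. The same match, evaluated against the document's URL rather than the URL a script file was loaded from, decides what `document.cookie` returns; the cookie names, paths and RPC endpoints here are hypothetical.

```javascript
// RFC 6265 section 5.1.4 path-match: does a cookie with this Path
// attribute apply to a request (or document) at requestPath?
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix match only counts on a "/" boundary, so "/login" does not
  // cover "/loginx".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies a browser would attach to a request for `path`.
// Applied to the document's own URL path, the same rule decides what
// document.cookie exposes to script running in that page.
function cookiesFor(jar, path) {
  return jar.filter((c) => pathMatches(c.path, path)).map((c) => c.name);
}

// Constructed jar: names and paths are hypothetical.
const jar = [
  { name: "stay_logged_in", path: "/login" },
  { name: "prefs", path: "/settings" },
  { name: "locale", path: "/" },
];

// Constructed paths: a host page at "/" plus hypothetical RPC endpoints.
const samples = ["/", "/login/auth", "/settings/load", "/rpc/game", "/loginx"];

// One line per sample path showing which cookies would accompany it.
function report() {
  return samples.map(
    (p) => `${p} -> ${cookiesFor(jar, p).join(", ") || "(none)"}`
  );
}

console.log(report().join("\n"));
```

A page whose document URL is `/` matches only the `/`-scoped cookie, while a request to `/login/auth` carries the `/login` cookie and a request to `/rpc/game` does not.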
