Hi, I am trying to develop an application using GWT.
Let us say user opens my application page (say http://host:port/myapp/myapp.html), I want to check if user is logged in. if yes, my application should be loaded else login module should be loaded. to check if user is logged in, I am thinking of the following approach: - use JSP page as my applications host page. i.e. myapp.jsp instead of myapp.html - using JSP, i have access to HTTPSession. i check if user is logged in. i.e. in my case whether UserInfoDto object present in Session. - if user is logged in, I add a JSON in my JSP containing info about user preferences from UserInfoDto. say <script> var userinfo = {lang: en, loggedIn: true, loggedInUser:[email protected]}; </script> - In my application's onModuleLoad(), i check if useinfo JSON is there and loggedIn is true. (using userInfo as Dictornary) if loggedIn is true, I load my application else I load Login Module in the host page. Questions: 1) when i know user is not logged in, should I load Login module or should I redirect user to login page? This login page will be another GWT module with its own Entry Point. I keep thinking, that redirecting to Login page is better for security point of view. because doing so, I think it is ensured that my application's JavaScript Code is not downloaded unless user is logged in. 2) Also, with the above approach, I am bundling together Login module and my application main module. So, both get downloaded whether user is logged in or not. I dont know if its possible, but may be someone can just change the value of 'loggedIn' in JSON to true and refresh the page/do something which will cause the application to get loaded (as the code is already downloaded for both logged in and not logged in scenarios) without user being logged in. 3) I would like to know if is there any other approach to implement the check whether user is logged in or not? Thanks. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
