On 11 juin, 15:55, Richard Allen <[email protected]> wrote: > Sounds like when your entry point loads (that happens on refresh) it > needs to check if the user is logged in (check a cookie or make an > AJAX request to the server) and then display the appropriate widgets > (view). > > However, I suggest that you make the login page a separate page from > the page that loads your GWT application. When the user tries to > access your GWT application and is not logged in, redirect the browser > to the login page. After the user successfully authenticates, redirect > the browser to your GWT application. This approach avoids the problem > you are having, and it prevents the user from being able to download > your GWT application (JavaScript code) when they don't have access.
Not having done that 2 years ago and living with it since then, I'd now give the same advice. Note however that it means a different user experience when the session is lost somehow (the user has to be directed to the login page to re-authenticate, and thus loses everything he hadn't saved; whereas when everything is on the same page, you can just hide the "screens" behind the login dialog, but it then is a security issue because the data is just hidden, and any developer tool could reveal it without the for authenticating). -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
