Hi, I need to re-implement the classic login page. And I'm a bit lost with all the alternatives. The communication with the server is with RPC. Until now the flow I was using was: - User enters login and pass [client sends them in plain text to the server] - Server validates and generate a session id (String generated with UUID) [server replies that]. - On every request the client sends session id. (all the functions in the rpc have sessionId) - The server was keeping track of this session id and after 30 mins without being used it removed it as valid session.
This was working quite well, but it was a bit annoying to have this sessionId all the time. Reading some posts, seems that is a bad idea sending the session id all the time (at least as I understood). That I can rely on the 'classical session' mechanism. So somehow the server remembers the client after he logs in the first time. Here is my dilemma. This 'classical session' carried by the server seems to disagree with the 'new Ajax-era' where the server carries no status of the client. I think I'm totally messing concepts here. What is the correct way of doing it? Is there some good explaining how to do it, maybe an example will be great. Thank you in advance. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
