Hi, I'm quite sure the user always has a session on the application server - independently of whether (s)he is authenticated or not. Any RPC Call you make always carries the Session ID - and in each service (on the server side), you can get it via getThreadLocalRequest().getSession(). When using HTTP Authenication, you'd also have the normal HTTP principal / username. When doing your own authentication, you could just store a sucessful authentication in the session - which automatically expires. I don't think an AJAX request does in any way differ from a normal request for a complete HTML page, but you could find out by installing the TamperData firefox plugin and looking into the interaction of a GWT app with a server. I hope that helps you a little further Sebastian
On Jun 17, 7:19 am, fmod <[email protected]> wrote: > Hi, I need to re-implement the classic login page. And I'm a bit lost > with all the alternatives. The communication with the server is with > RPC. Until now the flow I was using was: > - User enters login and pass [client sends them in plain text to the > server] > - Server validates and generate a session id (String generated with > UUID) [server replies that]. > - On every request the client sends session id. (all the functions in > the rpc have sessionId) > - The server was keeping track of this session id and after 30 mins > without being used it removed it as valid session. > > This was working quite well, but it was a bit annoying to have this > sessionId all the time. Reading some posts, seems that is a bad idea > sending the session id all the time (at least as I understood). That I > can rely on the 'classical session' mechanism. So somehow the server > remembers the client after he logs in the first time. > > Here is my dilemma. This 'classical session' carried by the server > seems to disagree with the 'new Ajax-era' where the server carries no > status of the client. > > I think I'm totally messing concepts here. What is the correct way of > doing it? Is there some good explaining how to do it, maybe an example > will be great. > > Thank you in advance. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
