There *might* be a way to do it... e.g. 1. only invalidate the session on a specific log out request 2. store a flag/timestamp clientside to either invalidate the session or not 3. onload reads this flag and decides whether or not to to invalidate the session (if a number of seconds/minutes have elapsed)
There are/maybe security implications with this method that may mean it's just not worth it... You can use LocalStorage, SessionStorage and window.name etc to store/ read the flag... Cheers, Dave On Jul 9, 2:29 pm, Stefan Bachert <[email protected]> wrote: > Hi, > > from times to times this questions comes up. > The user has the control over the browser, not javascript over the > browser or the user. > And this is a good idea because of security. > > Developers and customers must accept that there is no control over F5/ > Refresh. The same is true for power off ;-) > > This is no problem when all data is send as soon as possible to the > server. > > Stefan Bacherthttp://gwtworld.de > > On 9 Jul., 02:01, SanjeevG <[email protected]> wrote: > > > Hi, > > > I am working on an application that uses GWT 2.0.3 and GXT 2.2.0. I > > have implemented the onClose method of the CloseHandler to terminate > > the session on browser close, however this is causing an obvious > > problem of terminating the session on browser refresh as well. > > > Can someone put some ideas on how to detect the browser refresh and > > avoid the RPC call that causes the session termination. > > > Thanks. > > Sanjeev. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
