On 14 juil, 11:04, Torch <[email protected]> wrote: > The LoginSecurity FAQ says we must always send the session ID in the > RCP. I am using the standard servlet sessions. After login I send the > session ID back to the client. In subsequent RPCs the client sends the > session ID as an RPC parameter. But how do I get the session object in > the servlet using the session ID in the RCP? There is no function like > getSession(id).
Checking that the ID sent with RPC is the same as the one of the "current session" should be enough. Katharina gives a good advice too, you'd then don't use the server- side session mechanism at all. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
