On 08/14/2010 11:30 PM, Dor wrote: > Hi All, > > Your assistance / help is needed and well valued. > > My GWT application has a login page that being supported of course by > all browsers, from ie6 to chrome. > > After login i want to prevent the user from opening another tab and > try to login again. > > I mean to prevent it not by JS. Your help is needed, some things to > consider before answering : > > 1) When he opens a new tab in the same browser he is actually logged > in with the same session id. > counting on the same id is problematic, since i took in > consideration a situation in which user browser is > crashed, and he opens it again while it has the same session id, i > am logging him automatically again. > > 2) Using the cookie can be problematic also. > > 3) I need the solution to work on all browsers from ie6 to chrome. > > Thanks in advance to you all, > > Dor >
Hi Dor: A few observations: o Don't use GWT for the login process. Search this list for other discussions of this issue. You shouldn't need GWT during login. o Server side Java or PHP session management mechanisms may provide usable frameworks to address this issue. You'll need research these. o Make a volatile login record on your server associated with the permanent authorization record. One technique is to create two fields in this volatile record: login time and logout time. Set logout time to the expected maximum session time. Reject a login attempt for that authorization record whose login time is greater than the recorded login time and less than the expected logout time. o Consider recording the source IP address and rejecting any attempt to login again from that IP address. Again, this requires a volatile login record associated with a permanent authorization record. Clear/delete this volatile login record on logout. There are various garbage-collection issues associated with requiring a authorization/login pair. For example, what happens when the browser window closes w/o a logout request. All this can be done w/o JavaScript. Since it's all server-side code, it is also browser-independent. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
