Hi Jeff,
First of all thanks for your answer,
Second,
A. I am not using gwt for login process but PHP one.
B. Agreed and being used.
C. Since i don't have maximum session time (do have that when my
application is idle) i can't use this kind of solution.
D. Storing ip may resolve in other problems like: User came and login,
i stored his ip, suddenly his browser crashed, he opens it again: it
may contain the same session id or not but it surely contains his same
ip.
He will try to connect and i will block him. So he will have to
wait for my session time out server side definition to expire before
he will be able to login again. This solution is kind of risky in a
business manners.
E. Delete his volatile in logout is good, but if he crashed that
won't work and may lead to other edge cases i am not aware now.
It's clear that solution should be done on server side.
Any other solutions or ideas ?
Regards,
Dor
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
