Hi Scott, sessions should have a session timeout. That means you will create a new session after login: request.getSession(true) and it will be timeouted after some inactivity time interval.
You can validate that easy: request.getSession() != null -> session is valid and timeout interval was not reached. request.getSession() == null -> session is invalid, you have to relogin If the user went somewhere else and he will get back to the application, he can be logged back without typing his credentials again if the session is still not invalidated (cookies has sessionId set, but session was invalidated so it not in the request) Hopefully this helps you Peter On 18. Aug, 01:58 h., spierce7 <[email protected]> wrote: > Hey, > > I'm currently making a site that has my own logins that I'm making (I > know Google provides something, but I need my own login system), and > I've been trying to figure out sessions for quite a while now. I've > found a few tutorials, and one of the sites that I was reading > ishttp://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecur... > > There is a section there on "How to Remember Logins". I know how to > get the session ID and store it on the client in a cookie through an > RPC call. What I don't understand is, eventually after a day or so, > the user comes back and I'm supposed to get the session ID from the > cookie and send it back to the server. What am I supposed to do on the > server in order to securely evaluate if session ID is still legal, and > pull up all the necessary information about the user? > > Additional questions: > 1. What would make the session ID change? > 2. What if the user was on a laptop, and the user went somewhere else. > Would he still be able to be securely logged back in without having to > type in his login and password again? > > Thanks! > > ~Scott -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
