On Tue, Aug 17, 2010 at 11:41 PM, Dor <[email protected]> wrote: > Hi Jeff, > > First of all thanks for your answer, > Second, > > A. I am not using gwt for login process but PHP one. >
OK, but that contradicts what you wrote in the original post: > My GWT application has a login page that being supported of course by > all browsers, from ie6 to chrome. Perhaps I misunderstood what you wrote. > B. Agreed and being used. > So if you are using the PHP session management process, you can see if the user already has an active session (via the PHP session class). If the user opens another tab, doesn't that appear as the same session to your PHP server? > C. Since i don't have maximum session time (do have that when my > application is idle) i can't use this kind of solution. > Actually, if you are using PHP sessions, they do have a maximum session time. > D. Storing ip may resolve in other problems like: User came and login, > i stored his ip, suddenly his browser crashed, he opens it again: it > may contain the same session id or not but it surely contains his same > ip. > He will try to connect and i will block him. So he will have to > wait for my session time out server side definition to expire before > he will be able to login again. This means that you are using a maximum session time, no? It may not me the maximum session time in your business logic, but it is the maximum session time as far as PHP sessions are concerned. > This solution is kind of risky in a > business manners. > Agreed. Nevertheless, if you are using PHP sessions, that's the behavior you're inheriting. > E. Delete his volatile in logout is good, but if he crashed that > won't work and may lead to other edge cases i am not aware now. > You will need a reaper process to handle this logic. For example, Debian's PHP server distro implements such a process to clean up expired PHP sessions. > It's clear that solution should be done on server side. > > Any other solutions or ideas ? > I don't think we have an agreement on the environment yet. Also, since this isn't really a GWT issue, it's probably not appropriate for this list. OTOH, it may be that you want to extend session management issues into the application after successful login. For example, you may want to include a copy of the PHP session info in any POST data. But, that's another issue. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
