I'm new to sessions and I could use a little help in understanding
this.
If you log in you send your username/hashed password.
The server validates this data.
The server creates a new session or accesses a current one already created for
you.
Fills the server session with user data.
Returns a session Id and places this Id in a database of valid
sessions and maybe your IP address and say your userId.

Q: Why is a session Id needed? Does the server not know who is sending
the RPC? Could I not just call session.getAttribute("userId") on the
server side, regardless of a sent session Id?
Is the point of a session Id just so someone can't fake your IP
address and send requests to the server as if they were you?

Q: If you give a session Id out and it's saved on the client's side in
say a cookie. Then if the user reboots their PC and opens up your
site. This is where I'm confused.
Your page should display a login not right? So...
The client sends the server its session Id, the server sees it's in
the valid session database, but is your session data still alive on
the server? Does the server still know you're the same person because of
your IP?

I don't see where a session Id is used at any point other than
verification of who the client is. So is that the only point of a
session Id, to add security as to who is sending the RPC to the server?
Will I have to check the session.getAttribute to see if it even has
data even if I have already checked to ensure the session Id passed to
me is valid? Is that the point of a session Id, to rebuild a session
attribute if it expires on the server before you clear it from your
valid session table?

HttpSession session = getThreadLocalRequest().getSession(true);
session.getAttribute("userId");

If anyone could clear this up or offer some other reading on this
topic please do.
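
Added example, not part of the original post and not GWT or servlet-container code: the login flow listed in the question, written as an in-memory Java session store keyed by a random session Id. SessionStore, its methods and the sample values are hypothetical; a servlet container performs the equivalent lookup behind getSession() using the session cookie.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; SessionStore and its methods are hypothetical names, not GWT or servlet API.
public class SessionStore {
    private record Session(String userId, Instant expires) {}

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final Duration ttl;

    public SessionStore(Duration ttl) { this.ttl = ttl; }

    // Called once the password check has succeeded: store state, hand back an unguessable Id.
    public String login(String userId) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Session(userId, Instant.now().plus(ttl)));
        return id;
    }

    // Called on every request: the Id from the cookie is the only link between request and user.
    // Returns null for a missing, unknown or expired Id; the caller then shows the login page.
    public String userFor(String sessionId) {
        if (sessionId == null) return null;
        Session s = sessions.get(sessionId);
        if (s == null) return null;
        if (Instant.now().isAfter(s.expires())) {
            sessions.remove(sessionId);   // server-side state is gone even if the cookie survives
            return null;
        }
        return s.userId();
    }

    public static void main(String[] args) throws InterruptedException {
        SessionStore store = new SessionStore(Duration.ofMillis(200));
        String cookie = store.login("alice");            // constructed sample user
        System.out.println(store.userFor(cookie));       // request carrying the issued Id
        System.out.println(store.userFor("guessed-id")); // Id the server never issued
        Thread.sleep(300);                               // cookie outlives the server-side session
        System.out.println(store.userFor(cookie));       // same cookie after the session expired
    }
}
```

The store never consults the client's IP address: HTTP requests are independent of one another, so the session Id is what lets the server find the right stored data for each request.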
