On Jan 24, 6:15 pm, Phaneendra Hegde <pnh....@gmail.com> wrote: > Hi, > I'm developing a web app which needs login/signup kind of typical web app > events. Since this is my first web app I don't have much knowledge about > Session management and Cookies creation/handling,especially in GWT > environment.Can any one help me regarding this please... > > Thank you
The standard approach of using a server side session and generating cookies applies equally as well to GWT as any other webapp. So the server generates a session ID which it adds as a cookie. Then the browser will add it to any requests the GWT client will make, so your server side code can identify it with out you doing anything in GWT on the client side. If you are using a Java based server the servlet api has basic session handling functionality built in. See for an example: http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Session-Tracking.html If you are designing a site that's significantly popular or a high value target, you ought to read up on Cookie Session Hijacking via hidden images and other tags on 3rd party sites. Any AJAX based site tends to be vulnerable to it unless you design the Ajax calls carefully, so they can't be executed via just a known URL and GET request. Several major sites have been caught out by it, including a major bank so you wouldn't be alone! Hope that helps, Charlie M -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
