Once a user is authenticated I use their sid to authenticate them. The sid is retrieved from the server when the user is authenticated and stored on the client in a cookie. Every rpc call includes the sid which is validated against the current session id. If they agree the user is authenticated & if they don't the payload back to the client reflects that & the client will then force the user to authenticate by making the same rpc call used to authenticate my users. On Feb 2, 2011 12:23 PM, "David Chandler" <[email protected]> wrote:
-- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
