With RPC I define all my RPC synchronous methods taking a string parameter
whose value will be assigned from the cookie storing the sid. On the server,
the handler will compare this string value to the value returned from the
Session.getId() method. If they aren't the same I throw a custom exception
which is caught on the client in the overloaded OnFailure method of the RPC
call.
Here's the typical code for a server-side handler:
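@Override
public SingleRPCPayload<SomeType> someMethod(String clientSid, ...)
        throws MyCapabilityDisabledException, MyInvalidSessionException {
    HttpSession session = getThreadLocalRequest().getSession(true);
    String sid = session.getId();
    // Compare the sid sent as an RPC argument with the server-side session id.
    // Calling equals() on sid avoids a NullPointerException when clientSid is null.
    if (sid.equals(clientSid)) {
        // ...
        return payload;
    } else {
        // Caught on the client in the RPC callback's failure handler.
        throw new MyInvalidSessionException();
    }
}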
On Fri, Feb 25, 2011 at 7:01 PM, veenatic <[email protected]> wrote:
> I think the discussion has become very interesting and I understood a lot
> about attacks and attackers but I still ponder over the question that if we
> have to put the auth token on the payload of the RequestFactory, how to do
> that?
> And after this how to read the token from the payload to verify it?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
>
--
*Jeff Schwartz*
http://jefftschwartz.appspot.com/
http://www.linkedin.com/in/jefftschwartz
follow me on twitter: @jefftschwartz
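
The check described in the message above, reduced to plain Java so it runs without GWT or a servlet container. This is an added example, not part of the original post: the class, method and exception names are hypothetical, the session ids are constructed, and a null serverSid stands in for a request that carries no session (what getSession(false) would report).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class SidCheckDemo {

    /** Hypothetical checked exception, standing in for the post's MyInvalidSessionException. */
    static class InvalidSessionException extends Exception {
        InvalidSessionException(String reason) { super(reason); }
    }

    /**
     * Compares the sid the client sent as an RPC argument with the id of the
     * server-side session. serverSid is null when the request has no session.
     */
    static void requireMatchingSid(String clientSid, String serverSid)
            throws InvalidSessionException {
        if (serverSid == null) {
            throw new InvalidSessionException("no server session");
        }
        if (clientSid == null || clientSid.isEmpty()) {
            throw new InvalidSessionException("no sid in RPC payload");
        }
        byte[] sent = clientSid.getBytes(StandardCharsets.UTF_8);
        byte[] expected = serverSid.getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual does not stop at the first differing byte.
        if (!MessageDigest.isEqual(sent, expected)) {
            throw new InvalidSessionException("sid mismatch");
        }
    }

    /** Wraps the check so each case below yields one printable result. */
    static String check(String clientSid, String serverSid) {
        try {
            requireMatchingSid(clientSid, serverSid);
            return "accepted";
        } catch (InvalidSessionException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String serverSid = "A1B2C3D4E5F6"; // constructed sample session id
        System.out.println(check("A1B2C3D4E5F6", serverSid)); // argument copied from the cookie
        System.out.println(check("ZZZZZZZZZZZZ", serverSid)); // argument does not match the session
        System.out.println(check(null, serverSid));           // argument missing
        System.out.println(check("A1B2C3D4E5F6", null));      // no session on the server
    }
}
```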