Re: gwt mvp sessions

Fri, 25 Feb 2011 16:16:56 -0800 

btw my bad I meant to say overridden OnFailure method... sorry about that

On Fri, Feb 25, 2011 at 7:15 PM, Jeff Schwartz <[email protected]>wrote:

> With RPC I define all my RPC synchronous methods taking  a string parameter
> whose value will be assigned from the cooke storing the sid. On the server,
> the handler will compare this string value to the value returned from the
> Session.getId() method. If they aren't the same I throw a custom exception
> which is caught on the client in the overloaded OnFailure method of the RPC
> call.
>
> Here's the typical code for a server-side handler:
>
>     @Override
>     public SingleRPCPayload<SomeTyoe> someMethod(String clientSid, ...)
> throws MyCapabilityDisabledException {
>         HttpSession session = getThreadLocalRequest().getSession(true);
>         String sid = session.getId();
>         if (clientSid.equals(sid)) {
>             .
>             .
>             .
>             return payload;
>         } else {
>             throw new MyInvalidSessionException();
>
>         }
>     }
>
>
> On Fri, Feb 25, 2011 at 7:01 PM, veenatic <[email protected]>wrote:
>
>> I think the discussion has become very interesting and I understood a lot
>> about attacks and attackers but I still ponder over the question that if we
>> have to put the auth token on the payload of the RequestFactory, how to do
>> that?
>> And after this how to read the token from the payload to verify it?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Google Web Toolkit" group.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/google-web-toolkit?hl=en.
>>
>
>
>
> --
> *Jeff Schwartz*
> http://jefftschwartz.appspot.com/
> http://www.linkedin.com/in/jefftschwartz
> follow me on twitter: @jefftschwartz
>
>


-- 
*Jeff Schwartz*
http://jefftschwartz.appspot.com/
http://www.linkedin.com/in/jefftschwartz
follow me on twitter: @jefftschwartz

-- 
You received this message because you are subscribed to the Google Groups 
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/google-web-toolkit?hl=en.

Reply via email to