Hey there, I have implemented session management for the first time and I would like to know if this is an appropriate way to do it.
My flow looks like this:

1. User logs in.
2. Server checks the login information.

If the login information is correct:

3. Server generates a SessionID and stores it in my database (or would you rather recommend storing the sessions in a HashMap on the server? I don't need to store any session information. I like the approach of storing the session data in the DB, but I guess the HashMap approach is a lot faster). I also calculate an expiration date for the session and store it in the DB.
4. Server sends the SessionID back to the client, where the ID is stored in a cookie.
5. With every request to the server, the SessionID is sent within the payload, and every service method first checks whether the SessionID exists and is not expired. If the session is valid, the server refreshes the expiration date so the session stays alive. Otherwise I throw an InvalidSessionException on the server, which I'm going to catch on the client. In this case the user is redirected to the login place and the cookies are deleted.

Are there any flaws in my logic? I have never implemented session management before, and I'm too inexperienced to work with frameworks like Spring Security.

Thanks and cheers,
Mike
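
Added example, not part of the original post: a minimal Java sketch of steps 3 to 5 using the in-memory map option, with the session ID drawn from `SecureRandom` so it cannot be guessed and the existence check, expiry check and refresh done atomically. The class name `SessionStore`, the 30-minute idle timeout and the method names are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory session store; names and TTL are assumptions.
public class SessionStore {
    public static class InvalidSessionException extends Exception {
        public InvalidSessionException(String msg) { super(msg); }
    }
    private static final Duration TTL = Duration.ofMinutes(30); // assumed idle timeout
    private final SecureRandom rng = new SecureRandom();
    private final ConcurrentHashMap<String, Instant> expiryById = new ConcurrentHashMap<>();

    // Steps 3-4: after a successful login, create a 128-bit random ID and its expiry.
    public String create() {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        expiryById.put(id, Instant.now().plus(TTL));
        return id;
    }

    // Step 5: check existence and expiry, then slide the expiration forward.
    public void validateAndRefresh(String id) throws InvalidSessionException {
        Instant now = Instant.now();
        // compute() is atomic per key; returning null removes an expired entry.
        Instant updated = expiryById.compute(id == null ? "" : id, (k, exp) ->
                (exp == null || !exp.isAfter(now)) ? null : now.plus(TTL));
        if (updated == null) {
            throw new InvalidSessionException("session missing or expired");
        }
    }

    // Logout: drop the server-side entry so the ID cannot be reused.
    public void invalidate(String id) {
        if (id != null) expiryById.remove(id);
    }

    public static void main(String[] args) {
        SessionStore store = new SessionStore();
        String id = store.create();
        try {
            store.validateAndRefresh(id);   // valid: expiry is extended
            store.invalidate(id);
            store.validateAndRefresh(id);   // rejected after logout
        } catch (InvalidSessionException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same `create` / `validateAndRefresh` / `invalidate` contract applies when the expiry is kept in a database row instead of the map; only the storage calls change.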
