That's what I'm also doing now. Would be interested in comments. I use Google's Guava for the expiration stuff (ConcurrentHashMap).
cheers

On Thu, Mar 10, 2011 at 11:15 AM, Jambi <[email protected]> wrote:

> Hey there,
>
> I have implemented session management for the first time and I would
> like to know if it is an appropriate way to do it.
>
> My flow looks like this:
>
> 1. User logs in
> 2. Server checks login information
>
> If the login information is correct:
>
> 3. Server generates a SessionID, stores it in my database (or would
> you rather recommend storing the sessions in a HashMap on the server?
> I don't need to store any session information. I like the approach of
> storing the session data in the DB, but I guess the HashMap approach
> is a lot faster). I also calculate an expiration date for the session
> and store it in the DB.
>
> 4. Server sends the SessionID back to the client, where the ID is
> stored in a cookie.
>
> 5. With every request to the server, the SessionID is going to be sent
> within the payload, and every service method checks first if the
> SessionID exists and is not expired. If the session is valid, the
> server refreshes the expiration date so the session stays alive.
> Otherwise I throw an InvalidSessionException on the server, which I'm
> going to catch on the client. In this case the user is going to be
> redirected to the login place and the cookies are going to be
> deleted.
>
> Are there any flaws in my logic? I have never implemented session
> management before. And I'm too inexperienced to work with frameworks
> like Spring Security.
>
> thanks and cheers, Mike
>
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
