Its not a GWT thing because the server decides if you are logged in or not. You should only do a RPC.login(user, password) and the server checks the credentials and then check if the user is already logged in from a different IP (in case of a java servlet you would use HTTPServletRequest to get the request IP).
Security always needs to be done on the server because you cant trust the data coming from a GWT app. Its a JavaScript app and a potential attacker has full control of the JavaScript source code (sure the JavaScript is obfuscated but its not really a problem for an attacker). So everything regarding login/logout/access control has to be decided/checked on server side. -- J. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/cvyU3ILno2IJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
