On Thursday, June 21, 2012 4:54:42 PM UTC+2, Williame wrote:
> When a user authenticates the first time in the server side session I add > a couple of attributes that are never visible client side. On any > subsequent request to the server within my servlets I check to see if the > session is null or not, then also are these special session attributes set. > if not set I consider it an invalid, unauthorized request and kick them > out of the app, back to the login screen. > > What if the user logs in and shuts down the browser and turns it back on ? Even though you logged in just a minute ago, you will be logged out, if I understood your approach correctly. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/WLpGllHAsyUJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
