Hi Jens,

Thanks for your response. I think everything will work fine once we cache 
the sessions and make them available to all running instances :)

Thanks again

On Tuesday, August 20, 2013 11:14:31 AM UTC+3, Jens wrote:
>
> I don't know how Spring Security works, but normally your app server should 
> replicate the user session across your cluster nodes. If that works then 
> Spring Security should probably work as well in the cluster. If you use 
> Jetty as server you could use 3rd party libraries for implementing session 
> clustering, e.g. Hazelcast, Terracotta, Ehcache, and others.
>
> XsrfTokens will work across servers if you can recreate the token on each 
> server. For example if you choose to generate a token using MD5(session id 
> + user id) or similar. As long as session replication works and you have 
> the user id on each server available (could be stored in the session) you 
> can recreate the token and check it against the one the client provides 
> with its request. The default implementation of GWT's XsrfTokenService just 
> does MD5(session id from session cookie) but you can easily change this if 
> you want.
>
> -- J.
>
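
The token scheme Jens describes, as an added example that is not part of the original messages and is not GWT's own code: two cluster nodes derive the same token from a replicated session id and user id, and the receiving node recomputes and compares it. The class and method names, the `:` separator and the sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class ReplicatedXsrfTokenDemo {

    // Derives the token only from values every node sees once sessions are replicated.
    static String deriveToken(String sessionId, String userId) throws NoSuchAlgorithmException {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        // Assumed separator: keeps ("ab","c") and ("a","bc") from hashing the same input.
        byte[] digest = md5.digest((sessionId + ":" + userId).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Recomputes the token on the node handling the request and compares in constant time.
    static boolean isValid(String sessionId, String userId, String clientToken)
            throws NoSuchAlgorithmException {
        if (sessionId == null || userId == null || clientToken == null) {
            return false; // no session on this node means nothing to check against
        }
        byte[] expected = deriveToken(sessionId, userId).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, clientToken.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values standing in for a replicated session.
        String sessionId = "node-shared-session-0001";
        String userId = "user-42";

        // Node A issues the token; node B validates it from its replicated copy.
        String issuedByNodeA = deriveToken(sessionId, userId);
        System.out.println("node B, session replicated: "
                + isValid(sessionId, userId, issuedByNodeA));
        // Without replication node B holds a different session id and rejects the token.
        System.out.println("node B, session not replicated: "
                + isValid("node-b-local-session-9999", userId, issuedByNodeA));
        System.out.println("node B, no session at all: "
                + isValid(null, userId, issuedByNodeA));
    }
}
```
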
