This concerns a general session id hijacking question that concerns any JS driven site. See www.owasp.org how to deal with this. Ensuring that all traffic goes over https is a good start.
-- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/groups/opt_out.
