[back to the group]
On Mon, Feb 10, 2014 at 4:40 PM, aditi <[email protected]> wrote: > > > Thanks Thomas! That made it a little better for me. > Actually I should allow user automatically get into the application when > logged in once in the same browser as you mentioned too. > But the code at the server side generates session id and sets the value in > cookie SESSIONID and overwrites the previous value. > How should I stop doing that,. > You shouldn't; generating a new session just after you verified the user's credentials is a good practice. What you should do is check that there's a session before displaying the login screen; but then it depends what "displaying the login screen" means in your app. The easiest way to do it is to just use a <login-config> in your web.xml so you don't have to do anything in your GWT app: when the app loads, you can be sure that the user is authenticated (note: you should probably also setup an XSRF protection). What I like to do is to use a dynamic host page where I can generate some script with information about the current user, that will be read by the GWT app using a Dictionary or JSNI (you can also generate an XSRF token and pass it to the app that way). See the gwt-rf-activity archetype in https://github.com/tbroyer/gwt-maven-archetypes, which does just that. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/groups/opt_out.
