Help with Custom GWT RPC

2010-12-29 Thread Falcon
I'm trying to send the session ID with every RPC request my GWT application makes and handle our login context. On the server, it looks like you can handle that by overriding onAfterRequestDeserialized() and onAfterResponseSerialized() (we don't need to add any information to the outgoing payload,

Re: Help with Custom GWT RPC

2010-12-29 Thread Falcon
Also, in the discussion I saw about this, it was said that it was more secure to send the session ID in the RPC itself instead of getting it from the header/cookie. Why is this? Does GWT add something extra like a hash to make sure the RPC hasn't been tampered with? On Dec 29, 9:24 am, Falcon

Re: Help with Custom GWT RPC

2010-12-29 Thread Sripathi Krishnan
*Also, in the discussion I saw about this, it was said that it was more secure to send the session ID in the RPC itself instead of getting it from the header/cookie. Why is this? Does GWT add something extra like a hash to make sure the RPC hasn't been tampered with?* GWT doesn't do

Re: Help with Custom GWT RPC

2010-12-29 Thread Falcon
Thanks Sri. That makes complete sense. I'd totally forgotten about CSRF. On Dec 29, 11:12 am, Sripathi Krishnan sripathi.krish...@gmail.com wrote: *Also, in the discussion I saw about this, it was said that it was more secure to send the session ID in the RPC itself instead of getting it