Very basic LoginSecurityFAQ and GWT-RPC questions

2009-06-09 Thread eags
So I read the LoginSecurityFAQ (http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ) and I plan on implementing logins exactly as in the FAQ. At a high level I believe I get it but need help on the specifics so please be as detailed and specific as possible in your

Re: Very basic LoginSecurityFAQ and GWT-RPC questions

2009-06-09 Thread eags
Someone I talked to in person (who otherwise didn't know about GWT RPC) suggested I also store the role as in {username,sessionID,timeout,role} so that I don't have to fetch and otherwise mess with the user object every request. Does that seem sane? I suppose I could also store a reference to

Re: Very basic LoginSecurityFAQ and GWT-RPC questions

2009-06-09 Thread Chad
eags, In my apps, I generally keep a reference to the User object within the app. Since my current app works with browser history and can be called with various urls, I check for the existence of a User object after I parse the url, but before I load and show the content referenced by the url.