What would happen in the case of a load balancer and rpc requests
switching from one server to another from the same client , is sticky
sessions required ?
On Jul 6, 4:32 pm, David Chandler drfibona...@google.com wrote:
Hi Joey,
The XSRF token is stateless so you only need to call the
i don't think sticking session applies here in case of clustering xsrf
protection as i understand it is meant to ensure each REQUEST came from the
actual client, and not adjacent website which activates your request via
javascript code injection (which cannot really get your cookie because of
It depends on what you specify as your token in XsrfTokenServiceServlet (see
the Javadoc). If you use JSESSIONID, then you would need sticky sessions or
session replication as with any use of server sessions.
/dmc
On Tue, Jul 12, 2011 at 7:13 AM, batosai tariq.albabt...@gmail.com wrote:
What
I tried to implement the static initialization as you describe, but I seem
to be running into a race condition where the XSRF callback has not happened
before my getSomeService() is invoked, thus I get SomeService back without
an XsrfToken. I have been trying to think of a way around this
Hi All
I have a big GWT project, there are many services and methods need to
be protected. but I think it a hard work to
change all of code what call methods as the following code from google
document. So just want to know anybody
has any simple way can fix XRSF problem and no need to change so
Hi Joey,
The XSRF token is stateless so you only need to call the XsrfTokenService
once per server session to obtain it. You can save it as a static variable
in a service helper class. Thereafter, you just need to call setRpcToken for
each service.
Some projects GWT.create() all services in a