Re: Session tracking and cookies in GWT

On Jan 24, 6:15 pm, Phaneendra Hegde <pnh....@gmail.com> wrote:
> Hi,
> I'm developing a web app which needs login/signup kind of typical web app
> events. Since this is my first web app I don't have much knowledge about
> Session management and Cookies creation/handling,especially in GWT
> environment.Can any one help me regarding this please...
>
> Thank you  

The standard approach of using a server side session and generating
cookies applies equally as well to GWT as any other webapp. So the
server generates a session ID which it adds as a cookie. Then the
browser will add it to any requests the GWT client will make, so your
server side code can identify it with out you doing anything in GWT on
the client side.

If you are using a Java based server the servlet api has basic session
handling functionality built in. See for an example:
http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Session-Tracking.html

If you are designing a site that's significantly popular or a high
value target, you ought to read up on Cookie Session Hijacking via
hidden images and other tags on 3rd party sites. Any AJAX based site
tends to be vulnerable to it unless you design the Ajax calls
carefully, so they can't be executed via just a known URL and GET
request. Several major sites have been caught out by it, including a
major bank so you wouldn't be alone!

Hope that helps,

Charlie M

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.