Session Management in GWT
I have a few basic questions on session management in GWTP.
1. Now, we create a new session when the user logs in to the application.
Now, I can open a browser and type in the app URL with a token
directly without logging in. It will render the UI page to the user
without any checks. Now, we have session checks on the server side. So only if
the UI page makes a server call on rendering will I get to
know the session is not valid, and I can redirect him to the login page. But
how do we handle the cases where the UI page does not have any server-side
logic and the user directly pastes the URL with that token?
Do I have to make a server call on every page request from the GWTP
presenter just to check the session is valid? Or do we have any other
approaches to it?
2. I am not passing any explicit session id param from the GWT client to the
server. It's only the JSessionId getting passed automatically from the
browser to the server. We just do request.getSession() in the server and see
if it is null or not (not logged in if null). So I hope we don't have
any security issues with this. Please confirm.
3. With the GWT client running on Android and server-side logic exposed as
RESTful web services using Jersey, how do we maintain a session, because
RESTful WS are stateless? Now how do we achieve a user session in this
case?