Multiple GWT sessions possible?

After moving an app from a traditional web app (think PHP or similar scripting language) to a GWT app I noticed a difference in handling of sessions.  It seems like it is possible to have multiple simultaneous sessions with a GWT app running in the same browser (different tabs or windows).  Not sure if this is a correct understanding or I am out in space some where.  Also, concerned about potential security flaws with this.

In our case, once a user is logged in, we create a session variable (server side). The value is not important.  We simply check for its presence with every GWT-RPC call (server side).  If the variable is not there, we throw an exception - to signal a timeout - which is caught by the GWT app and the user must log in again.

Once the user is logged in, we don't really use the session (accept to check for its existence, as mentioned above). We do keep the user id on the client side - in the GWT client app though.  Most of the calls to the server (via GWT-RPC) are not user specific.  They are mostly queries.  When the user is needed, the user ID is passed through GWT-RPC to the server. 

This is where a GWT app seems to really differ from a traditional web app. Each instance of a GWT app can store its own user ID.  These are stored in the GWT client app (JS variables).  Thus it seems like multiple instances of a GWT app can be run (for example, in two tabs of the same browser), with each instance being logged in as a different user.  They would, of course, share the same session.  In general, this is not likely to be done with a traditional web app because they typically rely on cookies to identify the user to the server and there is typically one cookie per web app (not per instance of the app).

This idea still seems a little strange to me, coming from a world other than GWT.  Does this makes sense or am I missing something?

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/rh6yuyf8yl0J.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.