Managing session timeouts in GWT
1,490 views
Skip to first unread message
joe kolba
Feb 23, 2011, 3:25:31 PM2/23/11
to google-we...@googlegroups.com
My app is currently built around the Spring framework and Spring Security + GWT. Is there any way for me to redirect to login when a session expires or when the user makes a RPC request when the session has expired? I was thinking about creating a timer that tracks the time between RPC calls, once the timer has gone above the allocated time I could do a Window redirect. Any suggestions?
Jeff Schwartz
Feb 23, 2011, 5:52:14 PM2/23/11
to google-we...@googlegroups.com
On the server compare the user's session id that you placed in your payload to the servlets current session id. If they aren't the same throw a custom exception and catch it on the client's onFailure method. Don't use the request's cookies session value because it is vulnerable to hijacking. Instead, when your user logs in copy their session id to a cookie on the client. Every time you make an rpc call include the session id up to the server.
Jeff
--
Jeff Schwartz
http://jefftschwartz.appspot.com/
follow me on twitter: @jefftschwartz
Jeff
On Wed, Feb 23, 2011 at 3:25 PM, joe kolba <joeko...@gmail.com> wrote:
My app is currently built around the Spring framework and Spring Security + GWT. Is there any way for me to redirect to login when a session expires or when the user makes a RPC request when the session has expired? I was thinking about creating a timer that tracks the time between RPC calls, once the timer has gone above the allocated time I could do a Window redirect. Any suggestions?
--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-we...@googlegroups.com.
To unsubscribe from this group, send email to google-web-tool...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
--
Jeff Schwartz
http://jefftschwartz.appspot.com/
follow me on twitter: @jefftschwartz
H Mahesh
Feb 23, 2011, 9:42:10 PM2/23/11
to google-we...@googlegroups.com
My app is currently built around the Spring framework and Spring
Security + GWT.
I am using spring security mechanism (concept of ExceptionTranslationFilter) to redirect to login page on session timeout.
Mentioned session timeout in web.xml.
but in GWT it wont redirect to login page , it throws invocation Exception. So how can i implement this.and display a message session timeout.
-- s
Mahi
"In the journey of life, if you want to travel without fear, you must have the ticket of a good conscience."
Mentioned session timeout in web.xml.
but in GWT it wont redirect to login page , it throws invocation Exception. So how can i implement this.and display a message session timeout.
-- s
---------------------------------------------------------------------------------------------------------------
Thanks & RegardsMahi
"In the journey of life, if you want to travel without fear, you must have the ticket of a good conscience."
Juan Pablo Gardella
Feb 24, 2011, 6:34:06 AM2/24/11
to google-we...@googlegroups.com
If you wrap all communication with the server (Command pattern), this is an appropriate place to put some logic that deals with user login problems, such as server-side authentication timeouts.
H Mahesh
Feb 28, 2011, 1:44:40 AM2/28/11
to google-we...@googlegroups.com
Thank you for information. I didn't get this...Is there any other way i can achieve this .
--
Reply all
Reply to author
Forward
0 new messages