Monday, May 31, 2010

Authentication and login


I'm wondering what's the best way to do a login functionality. I'm
using GWT and GAE, and I can't use OpenID or Google Accounts (my app
relies on phone number + pincode).

I've built a Composite with the two boxes and a button for logging in,
and on the server I would normally store a flag in the session that
the user is logged in. However, when someone kicks the server, the
user has to log in again, which is a pain, so session-only coding is a

What's the best way to do this? I can of course code everything
myself, like

1) verify that the user exists
2) hash the pin + the time
3) store the time and the hash in the db and set the flag in session
4) encapsulate all server commands, so that the hash is being re-sent
(by db lookup), if (for some reason) the server has been kicked and
the session lost, or navigate to the login composite, if the hash has

It just seems like a lot of work, for something that should be
standard. What have I missed in the docs??
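The server side of the four steps in the question, written out as an added example (not code from the poster or from GWT/GAE). It is shown in Python as a language-neutral sketch; the same logic maps onto a GAE servlet with datastore entities. The two dicts `USERS` and `TOKENS` are constructed stand-ins for the datastore, `TOKEN_LIFETIME` is an assumed policy value, and the sample phone number and PIN are made up. One design point differs from step 2 of the question: the login token is random rather than a hash of the PIN and the time, because a four-digit PIN combined with a roughly known timestamp gives an attacker very little to guess, whereas a 256-bit random token is not guessable. Only the token's hash is stored, so a copied database row cannot be replayed as a session.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stand-ins for the two datastore kinds this design needs.
# On App Engine these would be datastore entities; dicts keep the example runnable offline.
USERS = {}    # phone -> {"salt": bytes, "pin_hash": bytes}
TOKENS = {}   # sha256(token) hex -> {"phone": str, "expires": float}

TOKEN_LIFETIME = 30 * 24 * 3600   # 30 days; an assumed policy value
PBKDF2_ROUNDS = 100_000           # slows offline guessing of a short PIN


def _hash_pin(pin, salt):
    # Salted, iterated hash: never store the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


def _token_key(token):
    # Only the hash of the token is persisted; the raw token lives on the client.
    return hashlib.sha256(token.encode()).hexdigest()


def register(phone, pin):
    salt = secrets.token_bytes(16)
    USERS[phone] = {"salt": salt, "pin_hash": _hash_pin(pin, salt)}


def login(phone, pin, now=None):
    """Step 1: verify the user and PIN. Steps 2-3: mint a random token and persist
    its hash with an expiry. Returns the raw token for the client to keep (e.g. in
    a cookie), or None on failure."""
    now = time.time() if now is None else now
    user = USERS.get(phone)
    # Always run the PIN hash, even for unknown users, so response time does not
    # reveal which phone numbers are registered.
    salt = user["salt"] if user else b"\x00" * 16
    expected = user["pin_hash"] if user else b"\x00" * 32
    pin_ok = hmac.compare_digest(_hash_pin(pin, salt), expected)
    if user is None or not pin_ok:
        return None
    token = secrets.token_urlsafe(32)
    TOKENS[_token_key(token)] = {"phone": phone, "expires": now + TOKEN_LIFETIME}
    return token


def authenticate(token, now=None):
    """Step 4: called by every server command. Looks the token up in the store, not
    in the servlet session, so a restarted instance still recognises the user.
    Returns the phone number, or None (the caller then shows the login composite)."""
    now = time.time() if now is None else now
    if not token:
        return None
    key = _token_key(token)
    rec = TOKENS.get(key)
    if rec is None:
        return None
    if rec["expires"] <= now:
        del TOKENS[key]   # expired: drop it so it cannot linger in the store
        return None
    return rec["phone"]


def logout(token):
    # Revoking on the server side is what makes "log out" meaningful.
    TOKENS.pop(_token_key(token), None)


if __name__ == "__main__":
    register("+15555550100", "4821")      # constructed sample user
    t = login("+15555550100", "4821")
    print(authenticate(t))                # the phone number
    logout(t)
    print(authenticate(t))                # None
```

Because `authenticate` consults the store rather than the in-memory session, the servlet session can be treated as a cache: if it is lost when the instance restarts, the next request simply re-validates the cookie token and rebuilds it.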


