I've been using GWT-RPC up until this point, but would like to make
the switch to RequestFactory shortly. I'm a bit confused as to how to
prevent CSRF/XSRF with RequestFactory though.
As per http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ,
up to this point I've been sending the session ID within the *payload*
of each RPC. Works great. Should I be doing something similar with
RequestFactory? Any and all suggestions greatly welcome!
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to firstname.lastname@example.org.
To unsubscribe from this group, send email to email@example.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.