secure to send the session ID in the RPC itself instead of getting it
from the header/cookie. Why is this? Does GWT add something extra like
a hash to make sure the RPC hasn't been tampered with?
On Dec 29, 9:24 am, Falcon <msu.fal...@gmail.com> wrote:
> I'm trying to send the session ID with every RPC request my GWT
> application makes and handle our login context. On the server, it
> looks like you can handle that by overriding
> onAfterRequestDeserialized() and onAfterResponseSerialized() (we don't
> need to add any information to the outgoing payload, just destroy the
> login context, so we can do this after serialization).
>
> However, I'm not sure what I need to override on the client since
> RemoteService is just an interface. I know GWT is doing some magic
> with GWT.create(). Ideally, I'd like to extend RemoteService with a
> new class, then extend that new class for all of my RPCs that needed
> to send the session IDs automatically and then put the session ID
> somewhere in the payload before the RPC was serialized to send across
> the wire to the server. This just seems to make more sense to me than
> having the session ID be a part of every single RPC method signature.
>
> Any help would be appreciated! Thanks!
--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
No comments:
Post a Comment