Hi All,

This is not a GXT question at all, but maybe some of you could help me to find some docs or tips about the issue.
I 'm trying to decide what policy use for session management, I read this: http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ
but there are many things not explained in detail.
For example I'm not sure how to get a Session instance on the server, and how to pass it via RPC to client side.
I will appreciate any tips or docs about the issue you know I can read.

TIA
Daniel

One possibility would be to use Servlet sessions on the server. In this tutorial this strategy is explained -> http://developerlife.com/tutorials/?p=230

Or you could generate an own session on the server and pass a session id to your client. (maybe after a login). This costs you the afford for your own session management but brings you more flexibility (and maybe a better security).

maku,

Thanks for your answer.
I think I will doing with HTTPSession on the Server. I want to maintain the session information away from service methods signatures.
I'm also looking for a way of redirect users on the client to the login dialog when the session expires on the server. I thought that I probably will need to extend AsynCallback in order to catch this and after redirecting I will need I way of resend the service requests not processed. Maybe I will need to queue the request an resend it after login success.

I'm not sure still researching this session issue.

Regards
Daniel