This is not a GXT question at all, but maybe some of you could help me to find some docs or tips about the issue.
I 'm trying to decide what policy use for session management, I read this: http://code.google.com/p/google-web-...ginSecurityFAQ
but there are many things not explained in detail.
For example I'm not sure how to get a Session instance on the server, and how to pass it via RPC to client side.
I will appreciate any tips or docs about the issue you know I can read.
Or you could generate an own session on the server and pass a session id to your client. (maybe after a login). This costs you the afford for your own session management but brings you more flexibility (and maybe a better security).
Thanks for your answer.
I think I will doing with HTTPSession on the Server. I want to maintain the session information away from service methods signatures.
I'm also looking for a way of redirect users on the client to the login dialog when the session expires on the server. I thought that I probably will need to extend AsynCallback in order to catch this and after redirecting I will need I way of resend the service requests not processed. Maybe I will need to queue the request an resend it after login success.
I'm not sure still researching this session issue.