问题
I am using GAE User Service to Authrnicate my GWT Application. Depending on whether the User is logged in the User is presented with LoginPage/Dashboard.
The GWT Application calls a Auth Servlet (Window.Location.assign("/googleauth"); causing application to unload which then transfers control to Google Authentication Page, after authentication we are redirected to CallBack servlet.
I can check whether user is loggedin successfully in Callback Servlet. However if I simply redirect back to my application the session login is lost.
The Application loads from scratch.
If I set up a cookie-->
HttpSession session = request.getSession(); String sessionid = session.getId(); //Get sessionID from server's response to your login request Cookie cookie=new Cookie("sid",sessionid); response.addCookie(cookie); response.sendRedirect(AppURL.getApplicationBaseURL());
In my client code check -->
String sessionID = Cookies.getCookie("sid"); if(sessionID!=null) { //show dashboard }
Is the way I am using secure? How long are the cookies valid for?
回答1:
You said:
I simply redirect back to my application the session login is lost.
This should not happen. Once you login the session should be there until you logout or session timeouts (you can set this in GAE settings).
You can simply make a GWT-RPC call to server and check if user is logged in: UserServiceFactory.getUserService().isUserLoggedIn().
Note: if you are looking for session cookies, AppEngine uses different cookie names in production and development servers. It uses ACSID cookie in production and dev_appserver_login.
来源:https://stackoverflow.com/questions/6516051/gwt-and-appengine-user-service