Sanjay Jain

Reputation: 3587

Client session management in web application on refresh of browser?

I am working on a web application. In this application I have used GWT 2.3. Now my question is about the session on the client side. On the client side I have maintained the session like below:

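import java.util.HashMap;

// Client-side cache of session values. The static map lives only in the
// loaded page, so it is empty again after a browser refresh.
public class WorkFlowSessionFactory {
    private static HashMap<WorkFlowSesisonKey, Object> session;

    private WorkFlowSessionFactory() {
    }

    // Lazily creates the map on first use.
    public static HashMap<WorkFlowSesisonKey, Object> getClientSessionInstance() {
        if (session == null) {
            session = new HashMap<WorkFlowSesisonKey, Object>();
        }
        return session;
    }

    public static Object getValue(WorkFlowSesisonKey key) {
        return getClientSessionInstance().get(key);
    }

    public static void putValue(WorkFlowSesisonKey key, Object value) {
        getClientSessionInstance().put(key, value);
    }

    public static void remove(WorkFlowSesisonKey key) {
        getClientSessionInstance().remove(key);
    }

    public static void resetSessionUser(User user) {
        // Use the accessor so this cannot dereference a null map;
        // put() replaces any previous LOGGEDIN_USER entry.
        getClientSessionInstance().put(WorkFlowSesisonKey.LOGGEDIN_USER, user);
    }
}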

Now, after logging in successfully, I put the logged-in user in the client session as well as the server-side session, like below:

session.put(WorkFlowSesisonKey.LOGGEDIN_USER, user);

Now when I refresh the browser, the session instance becomes null, and all the session variables are also null.

One way I have in mind is that, on refresh, I first make a server hit to get the logged-in user and set the client-side session's logged-in user again. Then the many places on the client side where the logged-in user is required will work after a browser refresh.

But I am not sure whether it is the right way to do it or not. So please advise me on this case: is there any good way to do this? Thanks in advance.

Upvotes: 0

Views: 1702

Answers (1)

Ümit

Reputation: 17489

Yes, accessing the server and querying if the user is logged in is a viable solution. I can think of the following solutions:

  1. In the onModuleLoad() method, access the server and check if the user is still logged in, and store the session in your client session (as you suggested).
  2. Store your session in non-volatile storage (a cookie or HTML5 localStorage). However, make sure that you don't store any passwords or sensitive data. Store a hash or unique identifier for your session.

In any case, make sure that you read and understand about security in GWT apps. Here are two good resources: Loginsecurity and Security for GWT applications.
The important rule is to never trust the client. Always check permission and credentials on the backend.

Upvotes: 1
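The two approaches in the answer above, combined in an added example that is not code from the question or the answer: the browser keeps only an opaque session identifier, the client cache is rebuilt from the server after a refresh, and the permission check reads the server's own record. It is a plain-Java simulation without GWT or servlet classes; `SessionRehydrationDemo`, `login`, `whoAmI`, `mayApprove` and the user names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionRehydrationDemo {
    // Server side: authoritative mapping from opaque session id to user name.
    static final Map<String, String> SERVER_SESSIONS = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    // Server: called only after credentials were verified; returns an unguessable id.
    static String login(String verifiedUser) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SERVER_SESSIONS.put(id, verifiedUser);
        return id;
    }

    // Server: what the client would call from onModuleLoad(); null means not logged in.
    static String whoAmI(String sessionId) {
        return sessionId == null ? null : SERVER_SESSIONS.get(sessionId);
    }

    // Server: authorization uses the server's record; the user name sent by
    // the client (claimedUser) is deliberately ignored.
    static boolean mayApprove(String sessionId, String claimedUser) {
        String actual = whoAmI(sessionId);
        return "manager".equals(actual); // constructed rule for the demo
    }

    static void logout(String sessionId) {
        SERVER_SESSIONS.remove(sessionId);
    }

    public static void main(String[] args) {
        String storedId = login("clerk");   // kept in a cookie, survives refresh
        String cachedUser = "clerk";        // client-side static cache
        cachedUser = null;                  // browser refresh wipes the cache
        cachedUser = whoAmI(storedId);      // re-hydrate from the server
        System.out.println("after refresh: " + cachedUser);
        System.out.println("forged claim accepted: " + mayApprove(storedId, "manager"));
        logout(storedId);
        System.out.println("after logout: " + whoAmI(storedId));
    }
}
```

In a real GWT application the servlet container's session and its session cookie usually play the role of `SERVER_SESSIONS` and `storedId`.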
