Google AppEngine Session Example

Question

I just enabled Session in my Google AppEngine/Java + GWT application. And how do I use it? How do I get session ID and play will all good stuff from it? Are there any real examples of simple login page where I'm just entering LoginName and Password, then it goes to the server over RPC call, authenticates against database and sends Session ID back to the client.

I have following code already but don't know what to do next:

GWT Login Form:

public class LoginForm {
    private final LoginServiceAsync loginService = GWT.create(LoginService.class);

    VerticalPanel loginVp = new VerticalPanel();
    TextBox loginTxt = new TextBox();
    TextBox passTxt = new TextBox();

    Button loginBtn = new Button("Login");

    public Widget getLoginWidget(){

     loginBtn.addClickHandler(new ClickHandler(){

      public void onClick(ClickEvent arg0) {

       loginService.authenticateUser(loginTxt.getText(), passTxt.getText(), 
         new AsyncCallback<String>(){

          public void onFailure(Throwable caught) {
           InfoPanel.show(InfoPanelType.HUMANIZED_MESSAGE, "No Connetion", "Problem conneting to the server.");
          }

          public void onSuccess(String result) {
           InfoPanel.show(InfoPanelType.HUMANIZED_MESSAGE, "Session ID", "Your session id is: " + result);

           GWT.log("Setting up session", null);
           String sessionID = result;
           final long DURATION = 1000 * 60 * 60 * 24 * 14; //duration remembering login. 2 weeks
           Date expires = new Date(System.currentTimeMillis() + DURATION);
           Cookies.setCookie("sid", sessionID, expires, null, "/", false);
          }
         }
       ); 
      } 
     });

     loginVp.add(loginTxt);
     loginVp.add(passTxt);
     loginVp.add(loginBtn);

     return loginVp;
    }
}

RPC Servlet:

public class LoginServiceImpl extends RemoteServiceServlet implements LoginService{ 
    //Sends back to the client session id
    public String authenticateUser(String login, String password){
     String sessionId = new String();

     // TODO: figure out how to work with session id in GAE/J
     sessionId = "How to get session id?";

     return sessionId;
    }

    public Boolean checkIfSessionIsValid(String sessionId){

     //TODO: figure out how to check user's credentials  
     return true;
    }
}

Any hints in the right direction would be helpful. Thanks.

Answer 1

Enabling session support gives you a standard Servlet HttpSession.

This will be tracked by means of a cookie (called JSESSONID), which is managed by the servlet container under the covers. You do not need to care about the session id.

You can then set attributes (server-side) that will be associated with the session (so that you can retrieve them later).

HttpSession session = request.getSession();

// in your authentication method
if(isCorrectPassword)
   session.setAttribute("authenticatedUserName", "name");

// later
 if (session.getAttribute("authenticatedUserName") != null)

This should also work with Ajax requests from GWT. Please refer to any Servlet tutorial for more details.

The drawback of sessions on GAE (compared to other servlet engines) is that they are serialized in and loaded from the database every time, which could be expensive, especially if you put a lot of data in there.

Answer 2

Here is how you can get the session in GAE:

this.getThreadLocalRequest().getSession();