Hi,
Once a user is logged in, I create a Java session and store their userid and sessionid (sid) in the session. These two parameters are sent to the GWT client and are stored there in a base GWT client presenter (not as cookies). I am using MVP architecture.
Every call made to the server thereafter is sent with these two parameters, userID and SID, so I verify on the server that the current session on the server is equal to the session id provided and that it belongs to the given userid.
If all is OK, only then do I process the RPC request further.
Also, I am planning to make all my RPC handlers extend a common RPC handler which will accept these parameters.
I am new to GWT and GAE; any help will be greatly appreciated.
Thanks.
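
The check described in the post, written as a common base handler whose verification step cannot be skipped by subclasses. This is an added example, not the poster's code. The names `GuardedRpcHandler`, `process` and the `"sid"`/`"userId"` keys are hypothetical, and a plain `Map` stands in for the server-side Java session so the example runs with only the JDK (Java 9 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

// Hypothetical base handler: subclasses implement only process().
abstract class GuardedRpcHandler<Q, R> {
    // The check is final so no subclass can bypass it.
    // session: server-side session attributes, or null when no session exists.
    public final R handle(Map<String, String> session, String userId, String sid, Q request) {
        if (session == null
                || !sameValue(session.get("sid"), sid)
                || !sameValue(session.get("userId"), userId)) {
            throw new SecurityException("session check failed"); // fail closed, no detail
        }
        // Pass on the server-side user id, not the client-supplied one.
        return process(session.get("userId"), request);
    }

    protected abstract R process(String verifiedUserId, Q request);

    // Constant-time comparison; a missing value on either side never matches.
    private static boolean sameValue(String expected, String supplied) {
        if (expected == null || supplied == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }
}

public class SessionCheckDemo {
    public static void main(String[] args) {
        GuardedRpcHandler<String, String> echo = new GuardedRpcHandler<>() {
            @Override protected String process(String verifiedUserId, String request) {
                return verifiedUserId + ": " + request;
            }
        };
        // Constructed sample values standing in for what was stored at login.
        Map<String, String> session = Map.of("userId", "alice", "sid", "constructed-sid-123");

        System.out.println(echo.handle(session, "alice", "constructed-sid-123", "ping"));
        String[][] rejected = {{"bob", "constructed-sid-123"}, {"alice", "wrong"}, {"alice", null}};
        for (String[] r : rejected) {
            try {
                echo.handle(session, r[0], r[1], "ping");
                System.out.println("unexpectedly accepted");
            } catch (SecurityException e) {
                System.out.println("rejected " + r[0]);
            }
        }
    }
}
```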