50 Responses to Session Management in GWT

  1. Well halelujah, finaly some simple login tutorial with vanila GWT and with code examples. I was looking for something like this for days. Thank you, it helped a lot. BTW Do you have some project you can put into archive and post it here? It would be even better if yes

  2. Estiwar says:


  3. ajgar says:

    than you very helpful

  4. Rico says:

    Bravo! Examples rule! I love when people Show AND Tell!

  5. fabrizio guespe says:

    When i close the browser, the cookies expire, why is this?

  6. Great. Fair and square. Simple, effective and complete! Worderful job!

  7. sahli says:

    thanks a lot for this tutorial, it was very useful for me however i have one question how generate the sessionid in UserDto?

  8. Goro Otsubo says:

    Thanks for the great example. I have one question.
    In checkWithServerIfSessionIdIsStillLegal function, sessionID is passed as an argument. However, this seems not to be used at all. how does this work ?

    • Varun Tayur says:

      True, sessionID is not required in the current implementation. I have removed that for now since we are checking with the server for the userdto within the session itself. Thanks for pointing that out.

  9. Dim Pg says:

    Great post!! It clarifies the login validation process just fine! I have one question. The UserDTO class is something that you have implemented yourself or is it imported from some package? If it is your implemetation could you post the source code please? Sorry for the newbie question.

  10. Maximiliano says:

    Hello, can you tell me where are you setting the sessionId to userDto and how it is generated or where sessionId come from? Thanks

    • Varun Tayur says:

      With respect to the example, SessionId is not stored in the userDto and it can be saved if required at the server side – you need not generate the sessionId, typically the generated sessionId is available in the HttpSessionEvent. You need to implement ‘HttpSessionListener’ interface – which has methods for sesssion created, destroyed from where you can get the sessionId or alternatively you can get it from the HttpSession object.

      Hope that helps.

      • Maximiliano says:

        Thanks, so i can save the session id in server side, when i call the method storeUserInSession, and it would look like that …
        private void storeUserInSession(UserDTO user)
        HttpServletRequest httpServletRequest = this.getThreadLocalRequest();
        HttpSession session = httpServletRequest.getSession(true);
        user.setSessionId(session.getSessionId);//add this line to save session id into UserDto
        session.setAttribute(“user”, user);
        is it ok?

      • Varun Tayur says:

        Yes, It looks ok.

        Go ahead.



    Hello Varun again, i test it and it run ok. Thank for the fast answer.
    looking into the code, i detect and tell if i am ok, that you are not really using the cookie.
    you create it on button controller and check in module load
    String sessionID = Cookies.getCookie(“sid”);
    if (sessionID == null)
    } else

    if it exists you call checkWithServerIfSessionIdIsStillLegal(), but that method goes to server via rpc, and it really checks for the object user in session
    UserDTO user = null;
    HttpServletRequest httpServletRequest = this.getThreadLocalRequest();
    HttpSession session = httpServletRequest.getSession();
    Object userObj = session.getAttribute(“user”);
    if (userObj != null && userObj instanceof UserDTO)
    user = (UserDTO) userObj;
    return user;

    So If i am not wrong the user doesn’t have to loguin again while session lives and not while the cookie we had created lives.
    am i ok?
    Again thanks you so much for your help.

    • Varun Tayur says:

      Yes, maintaining session information via session cookie is a standard way of implementing session based web applications. I did not use cookies because that is a standard way of doing it, the example shows that you can also maintain session by placing some User configuration – which serves both the purposes , session tracking and retrieving user-info.

  12. Florent says:

    I’ve got a problem when I’m doing that, I am getting :
    No source code is available for type xxx.xxxx.Xxx..LoginService.Util; did you forget to inherit a required module?

  13. Florent says:

    It’s exactly what I did … So I don’t really understand why I’m getting this error ! I have, as you explained :
    public interface LoginService extends RemoteService
    public interface LoginServiceAsync {
    public class LoginServiceImpl extends RemoteServiceServlet implements LoginService

    And I included :
    import com.google.gwt.user.server.rpc.RemoteServiceServlet;
    import com.google.gwt.user.client.rpc.AsyncCallback;
    import com.google.gwt.core.shared.GWT;
    import com.google.gwt.user.client.rpc.RemoteService;
    import com.google.gwt.user.client.rpc.RemoteServiceRelativePath;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;

    There must be something wrong .. but I don’t know what

    • Varun Tayur says:

      If it is eclipse error, try cleaning the project. Sometimes it works. Otherwise I think there is no compilation issue with the code. It is a working project.

      • Florent says:

        I found the main problem, I got an error in my project ! Anyway, I have a new problem : I’m always going in the onFailure function. Do you have an idea why it doesn’t work ?

        Thanks !

  14. Charles says:

    Simple and clean. Thanks!

  15. Francesco says:

    Hi, thanks a lot for this tutorial! But can I ask you one thing, how I get the sessionID when user log in? After validate username and password.

  16. Matias says:

    This was so helpful, thank you so much for posting it

  17. Pingback: "Remember Me" login issue with returning the session ID to the client side | Solutions for enthusiast and professional programmers

  18. Vinod says:

    hi, nice post, but the problem is – it is not working on cookie disable Browser. Can u implement the code by using “RPCManager.setLoginRequiredCallback(new LoginRequiredCallback() {…..}};” ….
    i need how to get session id to this method…

    • Varun Tayur says:

      I have not used/tried this API. You should be able to use any API if the callback is triggered after the login is successful, Because only after successful login will the session-id be saved -else you will observe that the session-id gets generated on every page refresh.

      Hope that helps you.

  19. Thank you bro!!!
    That was excellent!!! :) ;)

  20. amol says:

    hi …
    if (result.getLoggedIn())
    IndexPage w = new IndexPage(result.getName());
    } else

    in above code What is IndexPage class? if you have code of IndexPage class …please can you send it me…

  21. myr0 says:

    When I’m following your Code and implementing it into GWT sample code I get an error at this point:

    new AsyncCallback() { … });

    “Util cannot be resolved or is not a field”

    What am I doing wrong?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s