1

I am new to web app development.

Basically, I have got a GWT-based web app. A user first needs to log in. After successfully authenticating himself, he will be taken to the second page (actually another GWT view in the same page).

The login will generate a pair of keys from another web service. These keys will be used for future communication with the web service; it is like:

   client -> server => web service

Now the problem comes, I cannot save the key pair in a database. What shall I do?

I have been told I can put the keys in a cookie and send it back to the client. Every time the client raises a request, the cookie will be sent to the server.

I have also been told to set the keys as the session key and send them to the client.

I am not quite sure what the difference is between these two methods. Are they applicable? Or secure?

Many thanks

2 Answers

2

Both methods are applicable. The first one (using cookies) will rely on the user side (its cache). The second one will keep data on the server side (session). As a rule (although it's arguable), you never trust the client. What if the client cleared his browser's cache?

Even for security (I am not an expert here), I think storing data on the server is always safer.

Laabidi Raissi
1

You can use a cookie, a session, or a combination of both to achieve this. Cookies are usually created when you launch your application (you can also create them as and when required). The disadvantage of this is that it is temporary. As soon as you clear the cache or cookies, whatever cookie you created will be removed. If you store it on the server side, i.e., in the session, you must make sure to create a separate key-value pair for each set of users, as many users can connect to the same server. The best approach will be using both options together, i.e., to save a cookie and validate the session id.

This link will help you understand how to create a cookie and session.

Community
Abhijith Nagaraja
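
One way to do what the answers describe, keeping the keys on the server and giving the browser only a session id to validate (an added example, not code from the question or the answers). `KeySessionStore`, the `SESSIONID` cookie name, the 30-minute lifetime and the sample key strings are assumptions; in a servlet container the built-in `HttpSession` plays the same role.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added example; class, method and cookie names are hypothetical.
class KeySessionStore {
    // One entry per logged-in user: the two web-service keys never leave the server.
    static final class Entry {
        final String user, key1, key2;
        final Instant expires;
        Entry(String user, String key1, String key2, Instant expires) {
            this.user = user; this.key1 = key1; this.key2 = key2; this.expires = expires;
        }
    }
    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final long ttlSeconds;
    KeySessionStore(long ttlSeconds) { this.ttlSeconds = ttlSeconds; }

    // After a successful login: store the keys, hand back only an unguessable id.
    String create(String user, String key1, String key2) {
        byte[] raw = new byte[32]; // 256 random bits
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Entry(user, key1, key2, Instant.now().plusSeconds(ttlSeconds)));
        return id;
    }
    // On every request: validate the id from the cookie; unknown or expired ids get nothing.
    Optional<Entry> lookup(String id) {
        Entry e = (id == null) ? null : sessions.get(id);
        if (e == null) return Optional.empty();
        if (Instant.now().isAfter(e.expires)) { sessions.remove(id); return Optional.empty(); }
        return Optional.of(e);
    }
    // Logout: drop the keys server-side so an old cookie value stops working.
    void invalidate(String id) { if (id != null) sessions.remove(id); }
    // Set-Cookie value: HttpOnly hides it from scripts, Secure restricts it to HTTPS.
    static String cookieHeader(String id) {
        return "SESSIONID=" + id + "; Path=/; Secure; HttpOnly; SameSite=Strict";
    }
    public static void main(String[] args) {
        KeySessionStore store = new KeySessionStore(1800);
        String id = store.create("alice", "constructed-key-1", "constructed-key-2");
        System.out.println(cookieHeader(id));
        System.out.println(store.lookup(id).map(e -> e.user).orElse("rejected"));
        System.out.println(store.lookup("forged-id").map(e -> e.user).orElse("rejected"));
        store.invalidate(id);
        System.out.println(store.lookup(id).map(e -> e.user).orElse("rejected"));
    }
}
```

If the user clears their cookies, only the id is lost: the server entry expires on its own and the next login creates a fresh one.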