GWT session management

问题

I don't too much about gwt session on java. I've some doubts about it. Anyone can check if the implementation below is the way it needs to be done.

public class ServiceImpl extends RemoteServiceServlet implements Service  
{
   void CreateSession(String Username)
   {
      HttpServletRequest request = this.getThreadLocalRequest();
      HttpSession session = request.getSession();
      session.setAttribute("Username", Username);
   }

   boolean ValidateSession(String Username)
   {
       HttpServletRequest request = this.getThreadLocalRequest();
       HttpSession session = request.getSession();
       if (session.getAttribute("Username"))
       {
          return true;
       }
       return false;
   }
}

Is this the correct way to implement these two function???

回答1:

a few correction

    void createSession(String Username) {
        getThreadLocalRequest().getSession().setAttribute("Username", Username);
    }

    boolean validateSession(String Username) {
        if (getThreadLocalRequest().getSession().getAttribute("Username") != null) {
            return true;
        } else {
            return false;
        }
    }

回答2:

This LoginSecurityFAQ is a good place to start.

来源：https://stackoverflow.com/questions/4453611/gwt-session-management