Restlet, GWT and Sessions

What is the best way to have a session between the Java Restlet interface and GWT? In my application, the user logs in with a username and password, and if he successfully completes the authentication, the user ID is returned. It is then stored in a cookie and used for API calls. Obviously, this is completely unsafe, because someone can simply change the user ID and start updating and retrieving another user.

Is the best way to also pass a token back with the user ID, and have API calls contain that token?

1 answer

The token is a good way, and I have seen it in many implementations. It is usually passed as a simple parameter with each request. Following the RESTful idea, you can also just include credentials in the HTTP request each time.


Source: https://habr.com/ru/post/1332217/

