I had written about the Google Gadget [Gmail Burglar Alarm] that logs your gmail session. This post is dedicated to the technical details of the Gadget. The gadget is hosted on Google App engine with its code available on Google Code.
If it is indeed the first time the gadget is executed, the following takes place. It is a little tricky to
- Show grant access button in the gadget
- On clicking grant access, open a new window and show Google's Grant access page with target set to gmailids.appspot.com domain.
- When user selects grant access, he is redirected to the target page with the session token
- The auth token is exchanged for session token and the page is reloaded
- The page stores the session token in the cookie and closes the window
- The gadget would be listening to a window close event and when it does, it requests for a cookie reader page.
- The cookie reader page reads the cookie at the server and includes it as a script.
- This is then saved as a user preference and the page is reloaded.
I have not been able to figure out a way where I could get app engine to ignore the connection termination and store the request. Till then, I store the session every 30 seconds and it is written to the store when the application loads next.
This was the overall design of the application. Please do suggest improvements / ideas, etc.