Gmail Burglar Alarm - Technical Details

Hi,

I had written about the Google Gadget [Gmail Burglar Alarm] that logs your gmail session. This post is dedicated to the technical details of the Gadget. The gadget is hosted on Google App engine with its code available on Google Code.
The Gadget is a simple xml file that loads some javascript to make the first call to store the time of login. It also checks the preferences of the gadget ot see if it has been initialized already. The preferences store the session token required for writing events to Google Calendar and would be available if this is not the first run.
If it is indeed the first time the gadget is executed, the following takes place. It is a little tricky to
  1. Show grant access button in the gadget
  2. On clicking grant access, open a new window and show Google's Grant access page with target set to gmailids.appspot.com domain.
  3. When user selects grant access, he is redirected to the target page with the session token
  4. The auth token is exchanged for session token and the page is reloaded
  5. The page stores the session token in the cookie and closes the window
  6. The gadget would be listening to a window close event and when it does, it requests for a cookie reader page.
  7. The cookie reader page reads the cookie at the server and includes it as a script.
  8. This is then saved as a user preference and the page is reloaded.
Once we have the session token, we make a request to store the login time. Similarily, we also make requests every 30 seconds to update the possible log off time. The gadget can listen for window.onunload, but there appreas to be a problem. The logoff time has to be stored by making a remote URL request, and this HTTP call is interrupted as the window closes.
I have not been able to figure out a way where I could get app engine to ignore the connection termination and store the request. Till then, I store the session every 30 seconds and it is written to the store when the application loads next.

This was the overall design of the application. Please do suggest improvements / ideas, etc.