Three of the bottlenecks of Vaadin for me

  1. Application always show message session is expired - how to disable it in order not to reload the page another?
  2. Can vaadin pages working in offline mode without touchkit library - because need a lot of data caching in HTML5 local storage in GWT SQL client side and how load cache to vaadin widgets?
  3. Vaadin is a Enterprise technology, but it not use encryption in javascript business logic at client side - now used only GWT standart obfuscation - can make more protection of logic at client side?

Hi Bred,

  1. This sounds like you might just be restarting your server in development with the app running, which would of course expire the session.

  2. Vaadin is a server-side framework, meaning that your UI code runs on the server and the client acts as a thin client. This means that you are not able to use the base framework for offline applications. If you need applications that work offline, you need to have all the logic running on the client so it can continue working without a connection.

  3. Because Vaadin runs all your UI logic on the server, what’s running on the client is just a thin client (think rendering engine). Because of this, none of your application logic ever gets exposed to the browser.

Hope that helps. Be sure to check the Book of Vaadin to get a better picture of how the server-client work division and communication works.


  1. Well, me need turn off development mode

  2. Vaadin is a server-side framework, but can caching a big table in the long time local storage for quickly reloading page with only synchronization of data for more cases?

  3. I think logic of use local storage engine for encrypt storage

If you have big tables, you’ll want to use a Container implementation that is not in-memory. That way the data is pulled from your database as needed, and the memory consumption of your app stays small. Check out for instance Matti’s excellent blog post on this

Of course, if you store sensitive data in the local storage in the browser, you probably want to encrypt it somehow. Just keep in mind that if you encrypt data stored on the client with javascript running on the client (regardless of if it is obfuscated), a person with too much time on their hands will figure out how you do the encrypting/decrypting and bypass it. So my advice would be to not store any such data on the client that the user doesn’t have access to.