在Backbone.js的＆放大器的工作状态;登录用户 [英] Working with state in Backbone.js & logging in a user

问题描述

我需要检查一个用户已登录，让我在他面前被验证或她用我的 Backbone.js的基于应用程序。

用户身份验证存储在本地骨干模型作为财产，我通过调用 Backbone.history.start 开始我的主路由器前检查。这种方式 - 未认证用户发送直接登录页面

这是足够的？

 如果（！myApp.state.loggedIn）{
    window.location.hash =登录; //设置网址#login
}Backbone.history.start（）; //开始历史如常
 

解决方案

如果访问后端REST API是受保护的服务器端，它不允许访问任何用户数据时，我会为例如停止$执行从开发者工具和编辑模型数据c $ C（如设置state.loggedIn为true，并设置一些用户，我想从ID窃取数据作为我自己）。你应该也有会话cookie的储存，也许CSRF保护到prevent跨站请求伪造。

但基本上后端应该重定向用户到登录页面，只要用户是不是真的登录或他的会话过期。

I need to check that a user have logged in and been authenticated before letting my him or her use my backbone.js-based application.

The user authentication is stored in a native backbone model as a property, which I check before starting my main router by invoking Backbone.history.start. This way - an unauthenticated user is sent to the login page directly.

Is this sufficient?

if (!myApp.state.loggedIn) {
    window.location.hash = "login"; // Set url to #login
}

Backbone.history.start();  // Start history as usual

解决方案

if access to your backend REST API is protected server side and it wouldn't allow to access any user data when i'd for example stop the execution of code from developer tools and edit model's data (like set the state.loggedIn to true and set some user's i'd like to steal data from ID as my own). You should probably have also cookie session stored and maybe CSRF protection in to prevent cross site request forgery.

But basically backend should redirect user to login page whenever user isn't really logged in or his session expired.

这篇关于在Backbone.js的＆放大器的工作状态;登录用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！