如果用户尚未登录,我如何拒绝用户访问我的 Backbone 应用程序的部分内容? [英] How can I deny users access to parts of my Backbone App if they have not logged in?
问题描述
所以我有一个 Backbone 应用程序 + 网页主页.现在,如果您登录我的网站,我会使用数据库中的用户详细信息创建一个全局对象.但是,您仍然可以直接点击应用程序中的其中一个路由.
So I've got a Backbone application + web homepage. Right now, if you login to my website, I create a global object with your user details from the database. However, you can still just hit one of the routes in the application directly.
我应该如何处理未登录"的用户并将他们重定向到您必须登录的页面"?
How should I handle users who are not "logged in" and redirect them to a "you must login page"?
这是标准操作吗?基本上,我有一个 REST url 设置,它只返回
Is this a standard operation? Basically, I have a REST url setup that returns just
{ sessionId: [php-session-id-here] }
如果他们已登录,它会返回更像这样的内容:
If they are logged in, it would return something more like this:
{
sessionId: [php-sess-id],
userId: [user-id-from-db],
firstName: [f-name],
lastName: [l-name]
}
想法?谢谢!
推荐答案
我过去所做的是在每个页面上与 jQuery(实际上,添加到 jQuery 文件)一起包含 AJAX 方法的扩展检查我在用户未登录时发送的自定义代码.当看到该值时,无论发生什么情况,它都会将用户重定向到登录页面.
What I've done in the past is to include on every page along with jQuery (actually, added to the jQuery file) an extension on the AJAX method to check for a custom code that I send when a user isn't logged in. When that value was seen it redirected the user to the login page regardless of what was going down.
这是因为该站点在登录时超时,因此用户可能会在坐在页面上时退出,然后 AJAX 请求就会失败.如果您在登录时没有超时,则看到此问题的可能性很小.只需忽略来自未登录用户的请求.
This was because that site had a time out on login, so a user could get logged out while sitting on a page and then the AJAX request would just fail. If you don't have a timeout on the login the odds of ever seeing this issue are slim. Just ignore requests that come from users that aren't logged in.
如果您在编码方面需要帮助,请从这里开始:扩展 Ajax:预过滤器、转换器和传输一>.
If you need help coding this, start here: Extending Ajax: Prefilters, Converters, and Transports.
真的不应该像伪代码那样复杂:
Really shouldn't require anything as complex as pseudo-code:
- JS 需要做一些 AJAX,所以 JS 与服务器对话
- 如果需要,PHP 检查登录
- 如果未登录,则发回中止消息(我使用转换器来捕获notLoggedIn"数据类型.但是,这也可以通过传输完成,它们只是更复杂.)
- JS 看到中止消息并执行 window.location 重定向而不是返回 AJAX 消息.
如果你愿意,你可以加载一个带有登录表单的灯箱,并通过 AJAX 将它发送到 PHP,在那里可以重新登录,如果你记得失败的 AJAX 尝试,你可以在登录后再次发送它.然后用户甚至不需要离开页面重新登录.
If you want, you could load a lightbox with a login form and send that via AJAX to PHP where a re-login can take place, if you remember the AJAX attempt that failed you can send it again after login. Then the user doesn't even need to leave the page to log back in.
这篇关于如果用户尚未登录,我如何拒绝用户访问我的 Backbone 应用程序的部分内容?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
