backbone.js - handling if a user is logged in or not

Question

Firstly, should the static page that is served for the app be the login page?

Secondly, my server side code is fine (it won\'t give any data that the user shouldn\'t

Answer 1

I think you should not only control the html display but also control the display data. Because user can use firefox to change your javascript code.

For detail, you should give user a token after he log in and every time he or she visit your component in page such as data grid or tree or something like that, the page must fetch these data (maybe in json) from your webservice, and the webservice will check this token, if the token is incorrect or past due you shouldn't give user data instead you should give a error message. So that user can't crack your security even if he or she use firebug to change js code.

That might be help to you.