I need to check that a user have logged in and been authenticated before letting my him or her use my backbone.js-based application.
The user authentication is stored in a native backbone model as a property, which I check before starting my main router by invoking Backbone.history.start. This way - an unauthenticated user is sent to the login page directly.
Is this sufficient?
if (!myApp.state.loggedIn) {
window.location.hash = "login"; // Set url to #login
}
Backbone.history.start(); // Start history as usual
if access to your backend REST API is protected server side and it wouldn't allow to access any user data when i'd for example stop the execution of code from developer tools and edit model's data (like set the state.loggedIn to true and set some user's i'd like to steal data from ID as my own). You should probably have also cookie session stored and maybe CSRF protection in to prevent cross site request forgery.
But basically backend should redirect user to login page whenever user isn't really logged in or his session expired.
You can also use backbone async before and after filters to solve such problems.
I made a lib to handle logins and session stuff for us.
来源:https://stackoverflow.com/questions/8957543/working-with-state-in-backbone-js-logging-in-a-user