Cris

Reputation: 12204

Handling security in ember.js

I would like to start building a serious app using ember.js on the client side vs. node.js on the server side. I know it is a bad thing to handle security on the client side (what is the role of the connected user? Is he an admin or a normal user?), so I want to maintain the security logic on the server side, but I would like to know how to correctly handle it with frameworks like ember/knockout... Does the server have to create tokens that will be passed for every subsequent call, or is there another way?

Upvotes: 3

Views: 659

Answers (1)

AndyD

Reputation: 5385

Typically you would have a URL where the user would log in (either REST or a "classic" web page), and in the response the server would send back a cookie.

From then on, the browser will always send that cookie back to the originating domain.

Your server would have some middleware to check that this cookie is valid on every request and allow the request through or reject the request with an HTTP 401 code.

Your client JavaScript code has to handle this 401 response error, and in this handler you would show/redirect to the appropriate UI to log the user (back) in.

All this means that you do not have to pass special tokens around; your cookie is the token and is passed around in the request and response HTTP headers.

Upvotes: 6
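
The flow described in the answer above, as an added example that is not part of the original answer: a Node.js login helper that issues the cookie and a middleware that checks it on every request and answers 401 otherwise. The cookie name `sid`, the function names and the choice of an HMAC-signed cookie are assumptions made for illustration (a random ID looked up in a server-side session store is the other common choice).

```javascript
const nodeCrypto = require("crypto");

// Assumption: a real server loads this key from its configuration.
const SECRET = nodeCrypto.randomBytes(32);
const MAX_AGE_S = 3600;

const sign = (payload) =>
  nodeCrypto.createHmac("sha256", SECRET).update(payload).digest("base64url");

// Called by the login handler once the credentials have been checked.
// The return value goes into the Set-Cookie response header.
function issueSessionCookie(user, role, now = Date.now()) {
  const claims = { user, role, exp: now + MAX_AGE_S * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `sid=${payload}.${sign(payload)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Returns the session claims, or null if the cookie is missing, altered or expired.
function readSession(cookieHeader, now = Date.now()) {
  const match = /(?:^|;\s*)sid=([^;]+)/.exec(cookieHeader || "");
  if (!match) return null;
  const parts = match[1].split(".");
  if (parts.length !== 2) return null;
  const given = Buffer.from(parts[1]);
  const expected = Buffer.from(sign(parts[0]));
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  // Parsed only after the MAC check, so the claims are the server's own.
  const claims = JSON.parse(Buffer.from(parts[0], "base64url").toString());
  return claims.exp > now ? claims : null;
}

// Connect/Express-style middleware, mounted in front of every protected route.
function requireSession(req, res, next) {
  const session = readSession(req.headers.cookie);
  if (!session) {
    res.statusCode = 401; // the client-side handler reacts by showing the login UI
    res.end("login required");
    return;
  }
  req.session = session; // handlers read the role from here, not from the request body
  next();
}
```

Because the browser attaches the cookie automatically, state-changing routes still need CSRF protection on top of `SameSite=Lax`.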
