
Page and token management in a pure JavaScript app

I'm trying to build a pure JavaScript app. This app calls an API, and that API returns a token which I will save in a cookie (any advice about it?).

I have many doubts; the most important are the following:

How should I make the redirect stuff between pages, and how do I prevent someone from accessing my page? I want to do something like: if there is no cookie (token) and the token is invalid (I will check the token before showing the page), redirect to login; if all is correct, show the home page, for example.

Since you have your token in a cookie, you should start page load with an API call that verifies the session. If the API returns false, simply redirect the user to the login page; otherwise execute the rest of your JavaScript. I assume your sensitive data will come from subsequent API calls that should also verify the token.

You probably understand that you can't protect the static content using this method, since anyone can add breakpoints in the browser and modify the JS code to their preferences (as in, remove the forced redirect), so your focus should be on loading everything you want to be hidden through Ajax API calls that are secured with the token.
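The flow described in the answer, as an added example that is not part of the original post: the page verifies the session before doing anything else, and the protected content comes only from a second API call that the server authorizes on its own. The endpoint paths, the login URL, the `{ valid }` and `{ message }` response shapes and the `app` element id are assumptions made for illustration.

```javascript
// Added example. Paths, the { valid } / { message } response shapes and the
// "app" element id are hypothetical placeholders, not from the original post.
const VERIFY_URL = '/api/session/verify';
const DATA_URL = '/api/home';
const LOGIN_URL = '/login.html';

// GET with the cookie attached; the script never reads the token itself.
async function apiGet(fetchImpl, url) {
  const res = await fetchImpl(url, { credentials: 'same-origin' });
  if (res.status === 401 || res.status === 403) return { authorized: false };
  if (!res.ok) throw new Error(`API error ${res.status} for ${url}`);
  return { authorized: true, body: await res.json() };
}

// Verify the session first, then load protected data. Returns the outcome.
async function bootstrapPage({ fetchImpl, redirect, render }) {
  let session;
  try {
    session = await apiGet(fetchImpl, VERIFY_URL);
  } catch (err) {
    session = { authorized: false }; // fail closed on network/server errors
  }
  if (!session.authorized || session.body?.valid !== true) {
    redirect(LOGIN_URL);
    return 'redirected';
  }
  // The redirect above is only UX: it can be removed in the debugger. What
  // protects the data is that the server checks the token on this call too.
  const data = await apiGet(fetchImpl, DATA_URL);
  if (!data.authorized) { // token expired or revoked since the first check
    redirect(LOGIN_URL);
    return 'redirected';
  }
  render(data.body);
  return 'rendered';
}

// Browser wiring; skipped when no window exists (e.g. under Node).
if (typeof window !== 'undefined') {
  bootstrapPage({
    fetchImpl: window.fetch.bind(window),
    redirect: (url) => window.location.replace(url),
    render: (d) => { document.getElementById('app').textContent = d.message; },
  }).catch((err) => console.error(err));
}
```

Because the script only sends the cookie and never reads it, the server is free to mark the cookie `HttpOnly`, which keeps the token out of reach of any script running in the page.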
