Angular.js SPA: UI-Router Authorization vs. PHP Auth
Question
In the last days I read a lot about UI-Router Authorization in Angular. But something isn't clear for me:
Why shouldn't I user a php-file (index.php) as a SPA, which do the Authentication itself. That means with executing the file, the script looks in the DB if the user is logged in. Then I write a $_SESSION. With every action which will be done on the website (getting or storing any data) the script checks if the user has the right for that. If this isn't the case, the user has to loggin again.
What is wrong about this idea, as I think doing the login on a JS-site is unsecure?
2 answers
solution1
0 2015-05-09 22:52:35
This is the default way to do thinks, when you dont want to scale your application across different servers. Go for it, it will keep thinks simple.
Only if you have to scale up your application between several webservers (with an loadbalancer upfront) or if you have a REST-API somewhere (which will do the auth) you need an other stretegies.
solution2
0 2015-05-20 22:15:02
As mentioned in the previous answer: the problem is with the scalability of stateful sessions.
It also means that your sever has to render a response before your Angular application can load. This prevents you from creating a "Compiled" or "Static" Angular application which can be quickly served from the browser's HTTP cache if it has not changed since the last time it was used.
The alternative? Token authentication, which uses a stateless, self-signed token to very API requests to your back-end from your front-end. I've written about them here: Token Based Authentication for Single Page Apps (SPAs)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.