Hi all, This is a bit of a weird question.... Unfortunately I am quite inexperienced in this area, so even though I've managed to get things to "work", I'd feel much more comfortable if someone venerable validated my approach and path forward...
So, I'm using AngularJS for a web app (nothing serious, just a hobby project), mostly to learn JavaScript and Angular... I've been working on a typical user registration system where you submit your e-mail address, wait for a verification email containing a "magic" URL you click on and then finish the process by completing the form (password, verify password, etc). My first questions are with regard to the pre-registration and post-registration best practices: 1. Pre-registration: should you even use dynamic JS (and hence Angular)? ---------------------- The fact of the matter is that the user will come back to the site through the e-mail link. So why use Angular and XHR to submit the e-mail of the user being registered? Is that overkill? Do people do that? I created the form in Angular, only because that's my target learning topic. The "registrer" button's javascript callback posts an XHR (with input obtained from Angular's data binding) call to a Play/Scala back-end (my other study topic). It then simply refreshes the view to the "check your e-mail" view by changing the route. When I finally got to the point where I get a registration e-mail in my inbox and have to click on the verification URL, I had a sort of "duh" moment where I realized I have to reload the entire web application (for good reason) when clicking on the link... There is a guaranteed "discontinuity" that makes the point of not refreshing the entire page sort of "moot". I was thinking I could have had a regular form on the home page which is submitted to Play/Scala for processing and returns the "please check your inbox" e-mail. Nothing really dynamic is happening on these pages, so why bother? Is this common? 2. Post-registration: how do you login? ---------------------- In a typical web application once the user logs in, you get a session on the server and a cookie on the client. Assume (haven't implemented this yet) the user clicks on the verification e-mail and completes the registration form (name, password, re-type password for verification, submit). At this point I want the user to be "logged in". I know I can create a session and set it's identifying cookie in the XHR response, but is that "typical"? Any special security considerations when using this approach? I can't help but notice that when I access a rich javascript site (e.g. GMail) I get a separate login page that seems to log me in with regular form posting, then refirects me to the actual web application page (with the session identity already set from the login page response). No javascript XHR, nothing fancy... So, what are your thoughts / recommended practices for this? Just looking for a bit of validation in what I'm doing, that's all... -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/groups/opt_out.
