You have 3 pretty good ways to do that:
1. You can check on every route change whether your user is still logged in
(make an HTTP request and, if it returns 401, handle it on the client by setting
window.location="http://yourloginpage.com").
2. Same thing, but you check it only when the user makes some HTTP request, and
handle it then. The difference is that, if you cached data, a user who is not
logged in can still access the cached data.
3. Make a special route on the server which will not extend the session. Then,
in the client, you ping that same route every minute or so, and again
handle it on the client by redirecting the user to the login page.
On Sunday, June 8, 2014 10:00:39 PM UTC+2, Chris White wrote:
>
> My Angular application talks to a REST API I've built and I'd like to only
> make certain routes in my application accessible to users who are logged in.
>
> At the moment, the user logs in with a username/password and the API gives
> them an encrypted access token. I then store that access token in local
> storage and send it in all future requests to the API. This is working
> brilliantly, however I'd also like to make some parts of my application
> accessible only to logged in users. For example, if I tried to go to my
> account settings while I'm not logged in, I want Angular to redirect to the
> login page.
>
> I can do this really easily with the $locationChangeStart event in my
> application's run function:
>
> $rootScope.$on('$locationChangeStart', function(event) {
> // Check if user has an authentication token in local storage, redirect to
> // /login if they don't
> });
>
> The problem with this is it will apply this to *all* of my routes. I'd
> like to only apply it to certain routes. I was imagining doing something
> like the following:
>
> $routeProvider.when('/account/settings', {templateUrl:
> '/partials/account/settings.html', controller: 'AccountSettingCtrl',
> requiresAuthentication: true});
>
> $rootScope.$on('$locationChangeStart', function(event, route) {
> if (route.requiresAuthentication && !$localStorage.user.authToken) {
> $location.path('/login');
> }
> });
>
> The other solution I've thought of is to check every response to the API
> and if it returns a 403 (meaning the user isn't sending a valid auth token)
> redirect to the login page. But this has the disadvantage of only
> redirecting when there's an API request, so the account settings page will
> still be visible until a request is sent to the API and a response returned.
>
> I've had a quick look into route resolves however they're really confusing
> me and I'm not sure they're even the way to go. Any advice?
>
--
You received this message because you are subscribed to the Google Groups
"AngularJS" group.
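The per-route flag from the question and the 401/403 handling from the reply can be combined, as in this added example (not code from either poster). It listens on ngRoute's `$routeChangeStart`, which passes the handler the route object, and assumes the ngStorage `$localStorage` service used in the question; the module name `app` and the helpers `guardRoute` and `onAuthError` are hypothetical.

```javascript
// Added example; module name 'app' and both helper names are assumptions.

// Decide where a route change should go. `next` is the route object that
// ngRoute passes to $routeChangeStart; custom keys from the route definition
// (here requiresAuthentication) are readable on it.
function guardRoute(next, authToken) {
  if (!next || !next.requiresAuthentication) return null; // public route
  return authToken ? null : '/login';                     // no token: login
}

// Decide what to do with a failed API response. A token in local storage only
// shows one was issued once; the API's 401/403 is the authoritative signal.
function onAuthError(status, session) {
  if (status !== 401 && status !== 403) return null;
  delete session.authToken; // drop the rejected token
  return '/login';
}

// Wiring, only when AngularJS is loaded (skipped under plain Node).
if (typeof angular !== 'undefined') {
  angular.module('app')
    .config(['$httpProvider', function ($httpProvider) {
      $httpProvider.interceptors.push(['$q', '$location', '$localStorage',
        function ($q, $location, $localStorage) {
          return {
            responseError: function (rejection) {
              var target = onAuthError(rejection.status, $localStorage.user || {});
              if (target) $location.path(target);
              return $q.reject(rejection); // keep the error for the caller
            }
          };
        }]);
    }])
    .run(['$rootScope', '$location', '$localStorage',
      function ($rootScope, $location, $localStorage) {
        $rootScope.$on('$routeChangeStart', function (event, next) {
          var user = $localStorage.user || {};
          var target = guardRoute(next, user.authToken);
          if (target) {
            event.preventDefault(); // cancels the change in ngRoute 1.3+
            $location.path(target);
          }
        });
      }]);
}
```

Both checks only steer the UI: the templates and scripts are still downloadable by anyone, so the API has to reject every request that lacks a valid token.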