Why not simply initialize a JS variable in the page HTML for logged-in users, and then simply checking for it? There's no security vulnerability in doing that, as any part of the client-side code can be manipulated anyway.
On Jul 30, 10:13 pm, Jeff Schwartz <[email protected]> wrote: > I think that for security reasons the headers aren't readily accessible. If > they were you can imagine the hacks the malcontents would be making using > them. > > The idea of using a light weight ajax call is perfect for this. The call > back on the client would only need to receive a boolean yes/no wrapped in a > json object to resolve the question. That's rather a secure mechanism in my > opinion. On the server, a user object could be stored in session state to > indicate he/she is logged in. So the processing on the server is minimal. In > fact, I use this same technique in all my applications including those for > other platforms. > > Other than those that are forced upon me - such as session id - I avoid > using cookies. > > Just my $0.02. > > 2010/7/30 Jaroslav Záruba <[email protected]> > > > > > ...which leads me again to wishing for http-headers being accessible in JS. > > :( > > > 2010/7/30 Jaroslav Záruba <[email protected]> > > > On Fri, Jul 30, 2010 at 8:44 PM, Ikai L (Google) <[email protected]>wrote: > > >>> The "correct" way is to make a request back to your application in > >>> Javascript. You can do cookie hacks, but these have a tendency to be > >>> brittle > >>> and hard to manage. > > >> My understanding is that the original poster wants to have that > >> information at hand *without* any further trips to server, and (most > >> importantly) only as kind of hint. Obviously I don't use that cookie as > >> authorization or password. :) > > >>> On Fri, Jul 30, 2010 at 11:18 AM, Jaroslav Záruba < > >>> [email protected]> wrote: > > >>>> I'm keeping a cookie for that. > > >>>> On Fri, Jul 30, 2010 at 8:13 PM, Saqib Ali <[email protected]>wrote: > > >>>>> How do I check if the user is currently logged in using their Google > >>>>> Account in Javascript? I can set some hidden field to do that, but is > >>>>> there a more elegant way to do this? > > >>>>> saqib > > >>>>> -- > >>>>> You received this message because you are subscribed to the Google > >>>>> Groups "Google App Engine" group. > >>>>> To post to this group, send email to [email protected] > >>>>> . > >>>>> To unsubscribe from this group, send email to > >>>>> [email protected]<google-appengine%[email protected]> > >>>>> . > >>>>> For more options, visit this group at > >>>>>http://groups.google.com/group/google-appengine?hl=en. > > >>>> -- > >>>> You received this message because you are subscribed to the Google > >>>> Groups "Google App Engine" group. > >>>> To post to this group, send email to [email protected]. > >>>> To unsubscribe from this group, send email to > >>>> [email protected]<google-appengine%[email protected]> > >>>> . > >>>> For more options, visit this group at > >>>>http://groups.google.com/group/google-appengine?hl=en. > > >>> -- > >>> Ikai Lan > >>> Developer Programs Engineer, Google App Engine > >>> Blog:http://googleappengine.blogspot.com > >>> Twitter:http://twitter.com/app_engine > >>> Reddit:http://www.reddit.com/r/appengine > > >>> -- > >>> You received this message because you are subscribed to the Google Groups > >>> "Google App Engine" group. > >>> To post to this group, send email to [email protected]. > >>> To unsubscribe from this group, send email to > >>> [email protected]<google-appengine%[email protected]> > >>> . > >>> For more options, visit this group at > >>>http://groups.google.com/group/google-appengine?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<google-appengine%[email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/google-appengine?hl=en. > > -- > -- > Jeff -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
