Sounds like you are on the right path. Having a SPA is good for once a user is logged in. We actually redirect the user to a login page outside of angular that handles the session and creates the cookie. The app only offers functionality once logged. Of course, you've already programmed a form for registering in angular, that's fine, but unless you want to get into automatically logging them in and handling the cookie in the app after XHR call to submit the registration, I don't see a way that you can keep the same instance running, ie, the click to confirm will have to reload the page in a new tab. And if they already are logged in as the page is loaded? Basically, the way you are headed, the app will have to make an XHR call to determine whether the user is logged in and show logged in state or show the login form. That's going to be slower than letting the server just decide as the initial page is requested.
On Monday, March 3, 2014 5:30:33 AM UTC-7, Alexandros Karypidis wrote: > > Hi all, > > This is a bit of a weird question.... Unfortunately I am quite > inexperienced in this area, so even though I've managed to get things to > "work", I'd feel much more comfortable if someone venerable validated my > approach and path forward... > > So, I'm using AngularJS for a web app (nothing serious, just a hobby > project), mostly to learn JavaScript and Angular... I've been working on a > typical user registration system where you submit your e-mail address, wait > for a verification email containing a "magic" URL you click on and then > finish the process by completing the form (password, verify password, etc). > > My first questions are with regard to the pre-registration and > post-registration best practices: > > 1. Pre-registration: should you even use dynamic JS (and hence Angular)? > ---------------------- > > The fact of the matter is that the user will come back to the site through > the e-mail link. So why use Angular and XHR to submit the e-mail of the > user being registered? Is that overkill? Do people do that? > > I created the form in Angular, only because that's my target learning > topic. The "registrer" button's javascript callback posts an XHR (with > input obtained from Angular's data binding) call to a Play/Scala back-end > (my other study topic). It then simply refreshes the view to the "check > your e-mail" view by changing the route. > > When I finally got to the point where I get a registration e-mail in my > inbox and have to click on the verification URL, I had a sort of "duh" > moment where I realized I have to reload the entire web application (for > good reason) when clicking on the link... There is a guaranteed > "discontinuity" that makes the point of not refreshing the entire page sort > of "moot". > > I was thinking I could have had a regular form on the home page which is > submitted to Play/Scala for processing and returns the "please check your > inbox" e-mail. Nothing really dynamic is happening on these pages, so why > bother? Is this common? > > 2. Post-registration: how do you login? > ---------------------- > > In a typical web application once the user logs in, you get a session on > the server and a cookie on the client. Assume (haven't implemented this > yet) the user clicks on the verification e-mail and completes the > registration form (name, password, re-type password for verification, > submit). At this point I want the user to be "logged in". I know I can > create a session and set it's identifying cookie in the XHR response, but > is that "typical"? Any special security considerations when using this > approach? > > I can't help but notice that when I access a rich javascript site (e.g. > GMail) I get a separate login page that seems to log me in with regular > form posting, then refirects me to the actual web application page (with > the session identity already set from the login page response). No > javascript XHR, nothing fancy... > > So, what are your thoughts / recommended practices for this? Just looking > for a bit of validation in what I'm doing, that's all... > > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to angular+unsubscr...@googlegroups.com. To post to this group, send email to angular@googlegroups.com. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/groups/opt_out.
