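Hi everyone, I've recently been building a mobile web app, a single-page one, and I've run into a problem I'd like to ask about.
The first request returns all of the HTML, CSS and JS. #modifyPW is the route for changing the password.
When the user is not logged in, on a mobile browser, they can see the change-password screen by modifying the URL. How can I prevent this?
My current idea is to check this with JS? I'm not sure whether this approach is right.
How do you all solve this?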
大家讲道理 2017-04-17 13:07:36
The browser's local js can do some basic permission verification, but because the local code can be changed by the user, it is recommended that permissions also be verified on the server side.
You can consider this design. On the page that requires permission verification (the password modification page), first use js to verify it once. This can ensure efficiency. At the same time, after the page (the password modification page) is opened, use ajax to go to the server for secondary verification. If the verification fails, it is handled in the callback function, which can ensure safety.
高洛峰 2017-04-17 13:07:36
Routes have a life cycle. How to write them depends on the framework or routing component you use. The basic idea is that when a route is activated, there needs to be a rule to determine whether the current user has logged in. If not, he will be redirected to the login page. The route to which this rule applies is a route protected by login.
How to judge? Of course, you need to find a way to save the information that can be used for authentication locally when you log in, and then clear it when you log out.
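
The two-layer check that both answers describe, as an added example that is not part of the original thread: a client-side route guard backed by a server-side session check, with the password change itself re-verified on the server. The `#login` route, the token value, the in-memory stores and all function names are assumptions made for illustration.

```javascript
// Added example: names, token values and the in-memory stores are constructed.
const PROTECTED_ROUTES = new Set(['#modifyPW']);

// Server-side state (stand-in for a real session store and user table).
const sessions = new Map([['constructed-session-token', 'alice']]);
const users = new Map([['alice', { password: 'old-password' }]]);

// Server: answers the client's ajax "is this session valid?" check.
function serverVerify(token, callback) {
  callback(sessions.has(token));
}

// Server: the password change re-checks the session. This is the check that
// counts, because it runs where the user cannot edit the code.
function serverModifyPassword(token, newPassword) {
  const username = sessions.get(token);
  if (username === undefined) return { status: 401 };
  users.get(username).password = newPassword; // a real server stores a salted hash
  return { status: 200 };
}

// Client: guard run when a route is activated.
// localAuth is what was saved locally at login and cleared at logout.
function activateRoute(hash, localAuth, verify, render) {
  if (!PROTECTED_ROUTES.has(hash)) return render(hash);
  if (!localAuth || !localAuth.token) return render('#login'); // fast local check
  // Secondary check on the server; the result is handled in the callback.
  verify(localAuth.token, (ok) => render(ok ? hash : '#login'));
}

// Helper: returns the route that ends up on screen for a given local state.
function routeShown(hash, localAuth) {
  let shown = null;
  activateRoute(hash, localAuth, serverVerify, (h) => { shown = h; });
  return shown;
}
```

A user who edits the local state to carry a made-up token gets past the fast local check, but the server-side verification and the 401 from `serverModifyPassword` still keep the account unchanged.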