2

I am working on a website, where we want user to login using Javascript and not using postback. I have few pages which user can view without logging in, but on these pages if he wants to do something like "Add to favourite" or "Report abuse" or similar, he has to log in. I can display a div where he can log in. But I want the system to perform the task he initially tried to do. So say if the user wants to perform "Add to favourite", he should first log in and on success othere function "Add to favourite" should be called. So logic should know where to delegate once user is logged in.

As this loging stuff is required for many other purposes too, so I can hard code one function once log on is successful. I need something like delegation which Login Routine should know so that it calls it back.

Help will be appritiated.

Regards Parminder

Improve this question
7
  • 5
    Logging in without a postback to the server is highly insecure. It can be bypassed in no time. Are you sure this is what you want to do? Commented Feb 19, 2010 at 17:01
  • What is your website backend? Are you trying to accomplish this using JavaScript alone? PHP, ASP? What database is storing your user information? Commented Feb 19, 2010 at 17:02
  • 1
    @TenaciousImpy - That would depend on your authentication implementation. If login returns a session ID, though the user may be able to hack the page to make the UI (client-side) let him submit the actions, if the server requires that session ID in the next call to complete the action, the error would be thrown at that point, keeping the site secure. Commented Feb 19, 2010 at 17:10
  • @Renesis - That's true, but the returning of a session ID would require a postback. If no postback is supposed to occur in this authentication method, it's implied that the password is being checked client-side. Commented Feb 19, 2010 at 17:14
  • @TenaciousImpy - I assumed the OP was using "Postback" to mean letting the browser submit the form the normal way... I assumed AJAX as an alternative. You are correct that if you have NO server interaction, you certainly cannot have a secure system. Commented Feb 19, 2010 at 17:20

2 Answers 2

Reset to default
4

This assumes you have some basic experience with AJAX and callbacks...

// When the user submits the login form, call the login function with
// the original call as the third parameter

function login(username, password, callback) {
    // Perform AJAX call with username and password.
    // Your AJAX utility should call loginResult as its callback
    // Store the callback parameter on your object somewhere
}

function loginResult(result, callback) {
    if (/* Check if the result contains a valid user or sessionID, etc. */) {
         // Logged in, yay.  Do stuff to the UI to show this.
         if (callback) callback();
    } else {
         // Error logging in, oh no.  Display error.
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

this login function is being called on the button click on the login screen, how this function will know what is callback function.
@parminder - a number of ways; you could store it on the form object that represents your login form.
2

You could store the lastAttemptedAction in the session, and always check this upon a successful login. So the order of events would be:

  1. User accesses site anonymously
  2. User clicks "add to favorite"
  3. "Add to favorite" is added to Session.lastAttemptedAction
  4. User is asked to login
  5. User successfully logs in
  6. Session.lastAttemptedAction is performed/cleared

If nothing is stored in the lastAttemptedAction, then nothing will be ran. The user will silently login, and continue on his or her merry way.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.