Alec Aivazis edited untitled.html  over 8 years ago

Commit id: 6e2bae1086282486dfd6fc4e8480cbba1d19ecda


  • In a single page app, all of the decision decisions  about what view/subview to render occurs on the client and does not require a trip back to the server.
    • this drastically reduces load times between different pages

 server.
  • This means that the client has to be able to authenticate the currently logged in user and access its data without going back to the server
  • We have to store information concerning the logged in user in such a way that we can trust it.
    • With the rise of the single page app, a new vulnerability has emerged through the clever use of the javascript console.
      • Previous paradigms did not have this problem because they could authenticate every GET request and prevent the user from going somewhere they shouldn't.
  • JWTs are good because they allow for the client to be responsible for keeping track of the permissions of the currently logged in user.
    • This removes the need for a session store in most cases which dramatically increases scalability
  •
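Review bot: The bullets "This means that the client has to be able to authenticate the currently logged in user and access its data without going back to the server" and "JWTs are good because they allow for the client to be responsible for keeping track of the permissions" never say who verifies the token, which sits uneasily with the requirement in between that the information be stored "in such a way that we can trust it". A user with the javascript console, the threat the text itself names, controls everything the client holds, so the client can only read JWT claims to decide which view to render; the trust comes from the server checking the token's signature on every request that returns or changes data. Suggest adding a bullet that says so, and rewording the session-store bullet to make clear that the store is replaced by that server-side signature check rather than by the client. Smaller points: "decision decisions" in the first bullet is a duplicated word and "occurs" does not agree with it, the standalone " server." line looks like a leftover fragment, and the final bullet is empty.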