2
votes

I'm creating an ST2 application where you can log in/register etc.

I'm wondering what the normal way is of logging in and having the User state across the entire application.

I have a User model with a REST proxy to get/save the data. When you load up the application I'm doing this to grab the user:

launch: function () {
    var User = Ext.ModelManager.getModel('App.model.User');
    User.load("", {
        success: function (user) {

            // I have the user here but it's only within this scope

        }
    });
}

But doing this, it's only available within this function... so what do people usually do to get ahold of the user across the whole application? Just store it within the application like:

application.user = user;

or do you create a store with an ID of User, using the User model and then retrieve with:

launch: function () {
    var self = this, // keep a reference to this object for the callback
        User = Ext.StoreManager.get('User');
    User.load(function (user) {
        // Do application logged in stuff
        self.getApplication().fireEvent('userLogsIn');
    });
}

someRandomFunction: function () {
    // The store was already loaded in launch, so the first record is the user
    var user = Ext.StoreManager.get('User').getAt(0),
        email = user.get('email');
    console.log(email);
}

Thanks, Dominic

1
Not clear what you want... are you asking for a solution, or do you want confirmation of your own? I mean application.user = user... - olegtaranenko
Pretty much just asking how people go about with having a user logged in and then maintaining that state throughout the application. I can get the data across my whole application with Ext.StoreManager.get('User') as the AJAX call has already been done. But when you do Ext.ModelManager.get('App.model.User') then you need to load it each time. So what is generally the way to do this? I'm thinking make a store but it doesn't make sense that a User object is stored in an Array of Users when it's like a singleton sort of model. - Intellix

1 Answer

1
votes

Generally speaking, you cannot rely on any information you save locally in your JS application. It can be spoofed and altered relatively easily.

What you need to do is send the username/password combination to your server back end. The server should then return an encrypted cookie, which the application will send back to the server with each following request. Only by decrypting and verifying this cookie can the server be sure of the identity of the logged-in user.
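
The cookie round trip described in the answer above, as an added server-side sketch that is not part of the original answer. It assumes a Node.js back end and uses AES-256-GCM (authenticated encryption) so that an altered cookie fails verification; `issueSessionCookie`, `verifySessionCookie`, the key and the 30-minute lifetime are hypothetical names and values chosen for illustration.

```javascript
const crypto = require('crypto');

// Constructed for the example: a real server loads a long-lived key from its
// secret store instead of generating one at start-up.
const KEY = crypto.randomBytes(32);
const MAX_AGE_MS = 30 * 60 * 1000; // assumed session lifetime

// Called once, after the server has checked the username/password itself.
// Cookie layout: 12-byte IV | 16-byte GCM tag | ciphertext, base64url-encoded.
function issueSessionCookie(userId, now = Date.now()) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const payload = JSON.stringify({ uid: userId, exp: now + MAX_AGE_MS });
  const body = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Called on every request. Returns the user id, or null when the cookie is
// missing, truncated, altered or expired. Nothing the client claims about the
// user is trusted; only what decrypts and authenticates under KEY.
function verifySessionCookie(value, now = Date.now()) {
  try {
    const raw = Buffer.from(String(value), 'base64url');
    if (raw.length < 12 + 16 + 1) return null;
    const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const session = JSON.parse(plain.toString('utf8'));
    return session.exp > now ? session.uid : null;
  } catch (err) {
    return null; // GCM tag mismatch (tampering) or malformed payload
  }
}
```

Send the value with the `HttpOnly` and `Secure` cookie attributes so that page script cannot read it; the client-side User model then only mirrors what the server returns for the verified id.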