![]() If a user has completed multiple steps of a wizard but missed a section you could drop them back into the form where they left off. If the user hasn't filled out a profile you could check that and force them to fill in their profile before navigating through your application. Protecting routes for logged in users is very common, but they can be used for many other experiences. It will contain a piece of state that controls whether or not the user has logged in or not. We'll setup a simple application to start. ![]() If they somehow access this route you should provide a mechanism that upon validating their identity will bring them right back to what they were attempting to achieve. This should never be the be-all-end-all of security but you should never provide a user an action/route that they can't actually access. With the increasing proliferation of single page apps that control routing, as well as utilize non-cookie methods of authentication there is an ever increasing need to control what routes a user can visit.
0 Comments
Leave a Reply. |