The browser's local js can do some basic permission verification, but because the local code can be changed by the user, it is recommended that permissions also need to be verified on the server side.
You can consider this design. On the page that requires permission verification (password modification page), first use js to verify it once. This can ensure efficiency. At the same time, after the page (password modification page) is opened, use ajax to go to the server. Secondary verification, if the verification fails, it will be processed in the callback function, which can ensure safety;
Routes have a life cycle. How to write them depends on the framework or routing component you use. The basic idea is that when a route is activated, there needs to be a rule to determine whether the current user has logged in. If not, he will be redirected to the login page. The route to which this rule applies is a route protected by login.
How to judge? Of course, you need to find a way to save the information that can be used for authentication locally when you log in, and then clear it when you log out.
The browser's local js can do some basic permission verification, but because the local code can be changed by the user, it is recommended that permissions also need to be verified on the server side.
You can consider this design. On the page that requires permission verification (password modification page), first use js to verify it once. This can ensure efficiency. At the same time, after the page (password modification page) is opened, use ajax to go to the server. Secondary verification, if the verification fails, it will be processed in the callback function, which can ensure safety;
Routes have a life cycle. How to write them depends on the framework or routing component you use. The basic idea is that when a route is activated, there needs to be a rule to determine whether the current user has logged in. If not, he will be redirected to the login page. The route to which this rule applies is a route protected by login.
How to judge? Of course, you need to find a way to save the information that can be used for authentication locally when you log in, and then clear it when you log out.