I'm building a web/phonegap application for an older version of Android (2.3.x). Everything works great up until I try to add any server redirection into the mix. Here's the scenario:
The server (node.js) has a route listening at '/'. When this route is hit, it checks to see if the there is a session or not. If there is no session, it redirects to /login. Fine, this part works (server wise, anyways).
The problem arises when the client gets the redirect. Because Android 2.3 doesn't support history.pushState, it falls back to hashbangs. This means AngularJS rewrites the url to /#!/login, which causes a server request to '/', which causes the server to check session and redirect to '/login', which causes AngularJS to rewrite the url to /#!/login.. and so on and so forth.. indefinitely.
Any ideas how I can redirect from the server with AngularJS? Should I not be handling this logic in my route but instead try to implement it on the client? There has to be a way to handle this, I'm sure, but I just can't seem to figure it out.
Any help would be greatly appreciated. Thanks!!
Use a simple object for commanding redirects:
If the user is not logged in, return {action: "redirect" url:"/login"}
Then in client, after getting the response, check for action == 'redirect' and $location.path(url)
It would be better if you did the authentication purely client-side. Do an ajax call at the start on the angular end asking if we're logged in. If not, prompt the user for information (maybe in a modal dialog) and then POST that to '/login' on the server.
For security, none of the authentication-sensitive information should be stored on the client side. Instead, have it retrieved with ajax - and reply to the ajax with a 401 or some error if the user isn't logged in correctly.