Authentication for users on a Single Page App?

Question

I have developed a single page app prototype that is using Backbone on the front end and going to consume from a thin RESTful API on the server for it\'s data.

Coming f

Answer 1

We're using Angular.js and also, have a separate page for the login. The separate page loads a separate single page (and secure) application, that calls the server using http XHR request, sending username and password. If the server authenticated the credentials, the javascript code sets a cookie. this cookie could be read from the 'other side', meaning, the non-secure application. In the cookie we only put the user name and of course, no password or other secured information. then we can show something like 'Not Lior? Logout' on the non-secure app.

Only thing to note is to override Angular's cookie mechanism to set an indefinite expiration and, most importantly, root path:

$document[0].cookie = 'username=' + escape($scope.userName) + ";expires=Thu, 01 Jan 2970 00:00:00 GMT; Path=/";