I’m wondering if anyone has any experiences to share with regards to handling authentication using a single sign on system. I’ve read a few other discussion threads on this topic but I don’t really know what approach I should be taking to handle the case where the user is no longer authenticated.
Two approaches I thought about:
-
Don’t bother using
#link-to
. Just use plain anchor tags so that the browser always hits the server. This way, if the user is unauthenticated, the user’s browser will do the single-sign on dance, and eventually get back to the page they are supposed to look at. To make this work, I suppose each page load should ship with all data necessary to render the page without incurring more requests. -
Handle the error event when transitioning. Find out what URL will be loaded and what HTTP method is being used. If it is a GET request, just force the browser to load the URL using
window.location
. Any other requests, stop the transition, and show a message to the user. The problem with this approach is that I don’t see a way to get the information out of thereason
andtransition
objects that are passed to the error handler.