Extjs 4 Session Management

Question

I am having web based application in which user session has to be managed management.

In app.js I have used launch config as :

launch: function(){
    Ext.create('myproject.view.LoginForm')
}

LoginForm : will show log in dialog and invoke login controller for communicating with server for authenticating the credentials provided by the user.

So when ever user refreshes the page Extjs is asking for log in that is because of I am not checking the session in here, How should be the session details stored in Extjs client and check to avoid prompting the log in unless user has log-out ? and How to manage user session ?

Answer 1

Session Management can be done using

Inside login controller

// Storing user details in session / cookies 
Ext.util.Cookies.set("key", value); 

On logout button

// remove user details from cookies
Ext.util.Cookies.set("key", value); 

In App.js

autoCreateViewport: false,

launch: function(){

    var key= Ext.util.Cookies.get("key");

    if (key=== undefined || key== 'null' || key== null || key.length <= 0){
        // load login UI as user is not logged in
        Ext.create('app.view.LoginForm');
    }
    else {
        // load main UI as user is already logged in
        Ext.create("app.view.Viewport");
    }
}

Answer 2

User identity and session information must be stored server side. Typically a cookie is set once the user authenticates successfully so as not to prompt the user again. This cookie is sent from the server and is stored in the browser automatically and sent back to the server for inspection on page refresh. Server should validate the cookie if OK allow user to proceed.

Per @existdissolve comments below

In your launch method, simply run a a session check before you create the login form. Whether this is cookie checking or a request directly to the server, the result of the session check can then trigger the creation of the login form, or whatever other logic you have for creating the rest of the application