I am wondering why it seems to be popular to have the login page of a SPA be a s

Question

I am wondering why it seems to be popular to have the login page of a SPA be a separate page that is not page of the SPA (as in loaded and send data through ajax requests)?

I only thing I can think of is security but I can't think a specific security reason. I mean the only thing that come to mind is that if your login page in part of the SPA, it sends the username/password through ajax which can be seen by such tools like firebug or web inspector however even if you send it as a normal POST request, there are other tools that can easily capture this data (like fiddler, httpscoop, etc...).

Is there something I am missing?

Explanation / Answer

Presumably it's to save loading a bunch of client-side assets (like heavy JavaScript frameworks, images, etc) that are only required by the application.

There are more sophisticated means of achieving a similar performance goal (see "Malte Ubl & John Hjelmstad: A novel, efficient approach to JavaScript loading -- JSConf EU 2012") but this is pretty fast to implement and arguably just as efficient, especially if your web app uses almost all of your assets anyway.

You can see this in the wild in a site like the http://infogr.am beta:

http://infogr.am/login/ loads jquery, raphael, custom js and 3 css files.
http://infogr.am/beta/ (the main SPI page for the application) loads 10 javascript frameworks, 5 external css files and around 60 images.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.