So I'm working on my capstone project and it's going okay, but there's something that I've noticed that isn't really an issue for my purposes, but I really would like to know because in the real world it would need to be addressed (probably).
So the user can log in and get a token, and currently, for the user, that token only exists in memory. So let's say they logged in and then opened a new tab and went to the site. Well, they would be logged out in that new tab because the token from the other tab doesn't exist in the new tab; my site doesn't behave like Amazon, for example.
I could store the token in a cookie, but I've heard that's a bad thing to do, right? Since anyone with their token (which would be anyone with access to their computer) could pretend to be them.
But... I'd HAVE to store SOMETHING locally... right?! But what? Thanks