3

I am learning AngularJS by creating a small application.

I am storing user information in sessionStorage at the time of successful login.

LoginController.JS

app.controller("LoginCntrl", function ($scope, $location, angularService) {

    $scope.Login = function () {
        var UserName = $scope.UserName;
        var Password = $scope.Password;

        var getData = angularService.LoginInformation(UserName,Password);
        getData.then(function (msg) {
            if (msg.data == '') {
                alert('no data');
            } else {
                sessionStorage.UserName = msg.dataUserName;
                $location.path('/members');
            }

        }, function (error) {
            alert('error in Login');
        });
    };
});

On successful login, I am redirecting the user to '/memberList' and in memberlistCntrl controller I am checking if sessionStorage is empty or not. If it is empty then I assume that user is trying to access the site without login and I am sending the user back to Login screen

Code in memberlistCntrl

app.controller("memberlistCntrl", function ($scope, $location, allMembers) {

    if (sessionStorage.length == 0)
    {
        $location.path('/login');
        return;
    }

    $scope.MembersList = allMembers.data;

    $scope.createmember = function (path) {
        $location.path(path);
    };
});

My questions,

  1. Is it a right way to check if user is logged in or not?
  2. Is sessionStorage the right object to store the data in "Session" so that i can access it through out all my pages or site?
  3. Is there any better way to accomplish the same?
Improve this question

3 Answers 3

Reset to default
6

My questions,

  • Is it a right way to check if user is logged in or not?
  • Is sessionStorage the right object to store the data in "Session" so that i can access it through out all my pages or site?

Well, it depends on your use-case. sessionStorage gets cleared when the page session ends. A page session lasts for as long as the browser is open and survives over page reloads and restores. Opening a page in a new tab or window will cause a new session to be initiated.

So, if you want your user to logout on opening another tab, you can continue using sessionStorgae. However, thats not the case in most of the sites(do you get logout from stackoverflow on opening a question in 'another tab' ?).

  • Is there any better other way to accomplish the same?

Yes. You can use localStorage or cookies. Stackoverflow keeps this information in a cookie named usr.

If you use chrome, open console(F12).

Go to Resources > Cookies and delete usr. Refresh the page and you'd be logged out.

Gmail, facebook uses a similar technique.

Now AngularJS provides $cookies service to get/set or remove cookies.

The reason why cookies are preferred over localStorage objects to track login status is: cookies are passed to server with each request/response cycle and hence available at server side. If you dont get the required cookie for a particular request, you can simply throw a status 401(Unauthorized) message.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

how to disbale the session in another tab of browser?
0

I assume that you don't want to violate DRY principle and copy and paste code that checks authentication in each controller

if (sessionStorage.length == 0)
{
    $location.path('/login');
    return;
}

Instead try to use $routeChangeStart in one place to prevent user going to page if he is not authenticated.

Example of how to achieve this: http://fdietz.github.io/recipes-with-angular-js/urls-routing-and-partials/listening-on-route-changes-to-implement-a-login-mechanism.html

Improve this answer

Comments

0

Angular supports $cookieStore to store your values. please refer below example.

angular.module('cookieStoreExample', ['ngCookies'])
.controller('ExampleController', ['$cookieStore', function($cookieStore) {
  // Put cookie
  $cookieStore.put('myFavorite','oatmeal');
  // Get cookie
  var favoriteCookie = $cookieStore.get('myFavorite');
  // Removing a cookie
  $cookieStore.remove('myFavorite');
}]);

Refrence : https://docs.angularjs.org/api/ngCookies/service/$cookieStore

OR - EDIT:

If you want to use sessionStorage for data-storage, Than you need to use $window.sessionStorage. Let me suggest you one example.

<a href="javascript:void(0)" ng-click="addItem('111')">Add item in session</a>

$scope.addItem = function(item){
    $window.sessionStorage.setItem(id,item);
}
Improve this answer

3 Comments

thanks for your answer, I will definitely look into $cookieStore. Am I doing the right thing by using sessionStorage or its just a mess? Is my approach valid?
sessionStorage is used in '$window' param. So use like $window.sessionStorage.setItem(id, 'Value');
how to retrieve that session value

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.