0

I'm currently developing a Web Application with AngularJS and I have the following question with the login system: is secure to store the information like username you used to login into the cookies?

I mean, when i login I want to store the username or the id, would be the same, into a cookie, so I can load more information from the database each time the user navigates between the different links. The thing is that I don't know if Angular has any protection about cookie edition or, in other words, should I trust this cookie's value will be the correct one?

For example, having this piece of code, is it secure?

    var request = {
        url: 'backend/getCharacters.php?user=' + $cookies.get('username'),
        method: 'GET'
    };

    $http(request).then(function(response) {
        if(response.status == 200)
            // Get character list
        else
            alert('Something went wrong.');
    });
Xabi
  • 159
  • 1
  • 3
  • 13
  • No. I would encrypt something you can identify the user by OR generate a token and check that value and identity the user. If you just store the ID as a cookie, it can easily be modified to any ID # a user wants. – Dylan Jul 08 '16 at 18:18
  • IMO using cookies to lookup user specific data is not secure, Cookies can easily be modified by the user and then your app will fetch someone elses' data. If I were you I would add some hashing to the id with a key on your server that way when the client requests data the server decrypts the hash and does the query with the proper ID. If they change the hash then it would be invalid on the server and no data returned – Justin Herter Jul 08 '16 at 18:19
  • check answer. tell me it is working or not – Kalu Singh Rao Jul 08 '16 at 18:56

1 Answers1

-1

You should declare ngCookies in your function. You can see following example to understand more about use cookies in angularjs. I hope you would like these resources.

Use this code. I hope it will be work for you.

angular.module('myApp', ['ngCookies']);
function CookieCtrl($scope, $cookieStore) {
  var tabname = [{'KaluSingh'}];  // tabname contains username
  $cookieStore.put('username', tabName);
  };
 var request = {
    url: 'backend/getCharacters.php?user=' + $cookies.get('username'),
    method: 'GET'
};

$http(request).then(function(response) {
    if(response.status == 200)
        // Get character list
    else
        alert('Something went wrong.');
});

stackoverflow.com/questions/10961963/how-to-access-cookies-in-angularjs

https://docs.angularjs.org/api/ngCookies/service/$cookies

https://docs.angularjs.org/api/ngCookies

Community
  • 1
  • 1
Kalu Singh Rao
  • 1,671
  • 1
  • 16
  • 21