Is it safe to save a token in sessionStorage, which I get from a service call in Angular 2? I was using localStorage, but it can be hacked. If I simply write the token from the login page to localStorage manually in the browser, it automatically logs in, which is a big bug. So, any solution?
Viewed 127 times
0
-
What type of token are we talking about here? What is its purpose in your app? – abhit Nov 08 '17 at 06:41
-
Read this post: https://stackoverflow.com/questions/5523140/html5-local-storage-vs-session-storage – Harsha Jayamanna Nov 08 '17 at 06:46
-
I know that link, @Harshakj89. I know how to use sessionStorage. – Abhishek Pratihari Nov 08 '17 at 06:55
-
@AbhishekPratihari I found that the answer to your question is there, because I found that post useful when I had a question like yours. – Harsha Jayamanna Nov 08 '17 at 06:58
-
Hello @lakshay. In my app, a token was used. When I log in, it will generate a token on the server, which will later be used for getting data. I have to send it with some variables. Now the thing is, if I manually write some token in the browser's localStorage, it just automatically logs in. – Abhishek Pratihari Nov 08 '17 at 06:59
-
After getting the data using the generated token, will you need your token again, or is its work over? – abhit Nov 08 '17 at 07:07
-
@lakshay I need that token. If I delete that token, then it will automatically log out. Note that the token I am getting is in HEX. – Abhishek Pratihari Nov 08 '17 at 07:22
-
OK... so if you don't want to use local storage, why don't you create an Angular service and save the token there, and then use the service to get the token wherever you need it? – abhit Nov 08 '17 at 07:25
-
Or you could save the token in localStorage using security algorithms like HMAC-SHA. Using this, your token will be more secure than storing it directly. – abhit Nov 08 '17 at 07:27
-
OK, thanks. I will try both cases. – Abhishek Pratihari Nov 08 '17 at 07:28
-
@lakshay If I store the token in a service, is it available if I refresh the page? Any suggestions? – Abhishek Pratihari Nov 08 '17 at 07:31
-
Yes, a service will hold your value until you manually override its value. – abhit Nov 08 '17 at 07:35
-
@lakshay I just checked that, if I change the name of the token, like using any encryption method, and use it in the app. Every time I start a session it will be named newly. That is the solution. – Abhishek Pratihari Nov 08 '17 at 07:54
-
So the second case worked for you, I guess. – abhit Nov 08 '17 at 07:57
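
The behaviour described in the question (a hand-written value in storage logs the user in), as an added example that is not part of the original thread: whichever storage holds the token, the app asks the server whether the token is valid before treating the user as logged in. `TokenServer`, `MemoryStorage` and `restoreSession` are hypothetical names, and the in-memory server is a constructed stand-in for real HTTP endpoints.

```javascript
// Added example: a stored token is only a claim; the server decides if it is valid.
// Web Crypto is global in browsers and recent Node; older Node needs the fallback.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Constructed stand-in for the backend. In a real app these are HTTP endpoints.
class TokenServer {
  constructor(ttlMs = 15 * 60 * 1000) {
    this.ttlMs = ttlMs;
    this.sessions = new Map(); // token -> { user, expires }
  }
  login(user, now = Date.now()) {
    const bytes = webCrypto.getRandomValues(new Uint8Array(32));
    const token = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
    this.sessions.set(token, { user, expires: now + this.ttlMs });
    return token; // 64 hex characters, unguessable
  }
  validate(token, now = Date.now()) {
    const session = this.sessions.get(token);
    if (!session) return null; // never issued, or already revoked
    if (now >= session.expires) { this.sessions.delete(token); return null; }
    return session.user;
  }
  logout(token) { this.sessions.delete(token); } // server-side revocation
}

// Object with the Storage methods used below, so the example runs outside a browser.
// In the browser, pass window.sessionStorage or window.localStorage instead.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
}

// Called at app start or in a route guard: "a token exists" is not "logged in".
function restoreSession(storage, server, now = Date.now()) {
  const token = storage.getItem('token');
  if (token === null) return null;
  const user = server.validate(token, now);
  if (user === null) storage.removeItem('token'); // drop forged or stale value
  return user; // null means show the login page
}
```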