
I am creating a MEAN stack with Express 4 and Angular 5. I am getting a little confused about best practices when it comes to storing a user object on the browser.

So far I have successfully created the user and stored the user and its encrypted password in my MongoDB using mongoose, passport and sessions. At this point I have my user session saved with passport, but I don't quite know what to do next.

Most tutorials simply return the username/email and password (some even return unencrypted passwords!), but I think this is just for brevity. This leaves me not really knowing what I should return and how exactly I should store it using my Angular application. So I guess my main question is:

How do I securely store my user object and/or session on the client browser? I've seen some tutorials send a JSON Web Token and the user ID and store it in the localStorage, but is that necessary in my instance since I'm already using a session?

Any help is much appreciated, and any extra information will be provided, just let me know. Cheers!

Stephen Agwu
  • You either use browser sessions or JWT, don't mix them unless you've good reason to. On the server side you'll want to sign the JWT token _before_ sending it back to the client. Then when the client sends the token along with their HTTP request, you can verify the token against your secret key to check authenticity. – Cisco Feb 24 '18 at 21:58
  • How do browser sessions work? What is it that I send and what is it that I store? – Stephen Agwu Feb 24 '18 at 22:23
  • https://stackoverflow.com/questions/3804209/what-are-sessions-how-do-they-work – Cisco Feb 24 '18 at 22:25
  • Cool cool, thanks, that really clarified some things. Not my final question (I'm going to look this up too, just want your opinion): do you recommend storing the session id key value pair or using the browser as a remote store with encryption? – Stephen Agwu Feb 24 '18 at 22:38
  • Refer to this link, you might get a clear idea about passport.js: https://www.sitepoint.com/user-authentication-mean-stack/ – N15 Mar 20 '18 at 08:00

0 Answers
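The sign-then-verify flow described in the first comment, as an added example that is not part of the original thread: the server signs a token holding only non-sensitive user fields and later checks the signature and expiry against its secret. It uses Node's built-in `crypto` with HS256 instead of a JWT library, and `signToken`, `verifyToken` and `publicUser` are hypothetical names.

```javascript
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (secret, data) => crypto.createHmac("sha256", secret).update(data).digest();

// Keep only the fields the client needs; never the password hash.
function publicUser(user) {
  return { sub: String(user._id), email: user.email };
}

// Server side: sign the claims before sending them to the browser.
// `now` is injectable (seconds since epoch) so expiry is testable.
function signToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = b64url(hmac(secret, `${header}.${body}`));
  return `${header}.${body}.${sig}`;
}

// Server side: returns the claims if the token is authentic and unexpired, else null.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;

  // Recompute the signature and compare in constant time.
  const expected = hmac(secret, `${header}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;

  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (hdr.alg !== "HS256") return null; // pin the algorithm, ignore what the token asks for
  if (typeof claims.exp !== "number" || claims.exp <= now) return null;
  return claims;
}
```
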