3

I'm working on Angular-5 and Spring framework. In spring framework we are making webservices using RESTEG and in Angular. I'm calling webservices from Angular-5 services.

Now problem is angular is working on 4200. And Tomcat is working on 8080 port. So, server side session in spring is not generating when I'm calling it through webservices.

Webservices works fine I'm able to call webservices and get response from webservices. But I'm not able to generate session which is generated on Back-End.

I have tried with proxy server also of Angular-5 and proxy works fine. For Proxy setup I'm using this question and it works fine :- angular-cli server - how to proxy API requests to another server?

I'm able to get request and response from it but after creating proxy I have the same issue that session is not creating.

Note :- When I made a build from angular-5 (ng build) and Put it in Tomcat then session works fine but while developing the webservices. I'm not able to generate session.

Example :- I have a webservice, Url1 :- http://localhost:8080/MacromWeb/ws/login

And I'm calling webservices from angular js which is on port 4200.

Url2 :- http://localhost:4200/#/login with parameter email and password.

So, when I'm calling webservices from angular it works fine it gives me response as well but the session which is created on server side is not generating.

Bhavin
  • 2,070
  • 6
  • 35
  • 54

1 Answers1

3

There is no session being shared in this kind of architecture (this is not related to Angular itself). It happens with any kind of app that has the client-side apart of the server (the browser, where the javascript runs, has no access to the server's session. This is different scenario, when you are writing some kind of app that uses server-side rendering template, like PHP, Rails, Java with Velocity or other template engine, etc...). What usually is done is use web tokens to handle security between client and server side.

You can take a look at this full example, based on Angular.

Christian Benseler
  • 7,907
  • 8
  • 40
  • 71
  • thank you for answer. So basically from front-end we can't create a server side session? Because it works with post-man and also after creating angular build it works. – Bhavin May 23 '18 at 11:38
  • 1
    The server can create a session, but the browser does not have access to it. The usual pattern is (1) the client sends some data in the first request that identifies it/the user, (2) the server validates and respond with a token (that can have expiration date, timeout, etc...), (3) the client get this token, persists it and then (4) sends it back in the headers of each request, and (5) the server implements a filter that validates this token wherever it needs. – Christian Benseler May 23 '18 at 11:41
  • 1
    Ohk got it. thank you for this quick and perfect reply. – Bhavin May 23 '18 at 11:43
  • 1
    You can, of course, sends the session id to the client and the client sends it back. But there are some issues with that. You can read here more about it (https://stormpath.com/blog/secure-single-page-app-problem) and I advice you to google about "SPA sessions" – Christian Benseler May 23 '18 at 11:44
  • 1
    Btw, you can think of your backend application being an API that others apps can use. Think about the Google Maps API (or other API you have used once): there are many, many clients using it. There is no session being shared between the client and the api. Instead of it, you have to send the access token provided when you create a new application in dashboard in each request. It is because the same reason: there must be a key that identifies who is requesting. – Christian Benseler May 23 '18 at 11:47
  • Oh. ohk got you. So, I think as per your comments JWT is the best options when we have to deal with single page app and REST webservices. – Bhavin May 23 '18 at 11:50