1

I am writing a React.js non-single page application. I've been using auth tokens to store my authentication sessions which normally works fine with single page applications. But in my case, whenever the client makes a request directly from the address bar, I can't execute the js code that places the auth token in the header of the request.

I would prefer not to use cookies to handle this problem, especially if I plan to convert my application to a single page or isomorphic application. Is there another way to maintain sessions in my application?

Derek

2 Answers

1

This isn't specific to React.

You can use JavaScript as you were doing to manipulate custom headers, browser cookies, or URLs with custom query strings.

If users may type directly into the address bar a URL on your web site, you need to use cookies. The browser will automatically send them with each request. Using cookies is a common technique and shouldn't cause a problem if you move to a SPA or isomorphic application.

WiredPrairie
0

Cookies are your best bet because the browser will transparently send them for you. They also work with hybrid mobile platforms (phone gap, etc). And yes, cookies ARE secure if you use them the right way. I've elaborated on this issue in my blog post here: Token Based Authentication for Single Page Apps (SPAs)

robertjd
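
One way to apply the advice in the answers above, as an added example that is not from either answer or the linked blog post: the server issues the auth token in a hardened cookie and accepts it from either the `Authorization` header (script-driven requests) or the `Cookie` header (address-bar navigation). The cookie name `session`, the function names and the sample values are assumptions made for illustration.

```javascript
'use strict';

// Build the Set-Cookie value the server sends after a successful login.
function buildSessionCookie(token, maxAgeSeconds) {
  return [
    `session=${encodeURIComponent(token)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',     // not readable from page JavaScript
    'Secure',       // only sent over HTTPS
    'SameSite=Lax', // sent on top-level navigation, withheld on cross-site subrequests
  ].join('; ');
}

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const p = part.trim();
    const eq = p.indexOf('=');
    if (eq < 1) continue; // no name or no '=': skip
    try {
      out[p.slice(0, eq)] = decodeURIComponent(p.slice(eq + 1));
    } catch {
      // malformed percent-encoding: ignore this cookie
    }
  }
  return out;
}

// Return the token and the transport it arrived on, or null if absent.
// `headers` uses lower-case keys, as Node's http module provides them.
function extractToken(headers) {
  const m = /^Bearer\s+(\S+)$/i.exec(headers['authorization'] || '');
  if (m) return { token: m[1], via: 'header' };
  const cookies = parseCookies(headers['cookie']);
  if (cookies.session) return { token: cookies.session, via: 'cookie' };
  return null;
}
```

Because the browser attaches the cookie on its own, state-changing endpoints that accept the cookie path also need CSRF protection; `SameSite` alone covers only part of that.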