1

I want to know about the ways of saving user info.

Many seniors have recommended using $cookieStore, or Authentication, etc.

But how about using $rootScope?

My idea is, when a user has logged in, to save his/her id and password into $rootScope.

(Naming like $rootScope.user_id = 'stupid';)

Is this a dangerous way?

I don't know whether this question is duplicated or not, but I couldn't find one talking about using $rootScope.

UPDATE

My config is like below.

The 'root controller' can see every scope, so even if I refresh pages, the $rootScope value does not disappear.

```javascript
$stateProvider
.state('root.login',{
    url: '/login',
    controller: 'LoginCtrl',
    templateUrl: 'views/login.html'
})
.state('root.signup',{
    url: '/signup',
    controller: 'LoginCtrl',
    templateUrl: 'views/signup.html'
})
.state('root.main',{
    url: '/main',
    controller: 'MainCtrl',
    templateUrl: 'views/main.html',
})
```

CRDeity
  • Saving to local storage instead, and creating a service to save and extract info from the storage, would be a better way – jitender Oct 26 '17 at 06:50
  • [Check out this link for your query about the $rootScope approach](https://stackoverflow.com/a/25316785/5621827) – jitender Oct 26 '17 at 06:52
  • When you refresh the page, the user info will be gone if using rootScope. Your seniors are correct. By the way, it is a bad method to store raw credentials in cookies or rootScope. You should use a token or session from the server side to handle this. – Sh4m Oct 26 '17 at 06:56
  • @jitender Thanks for sharing the link. I updated my question. I don't know why, but my `$rootScope` is not refreshed when the page has been refreshed. – CRDeity Oct 26 '17 at 07:03
  • @Sh4m Thanks for your comment. Then, you mean that every time the page changes, I call the token or session from the server side? – CRDeity Oct 26 '17 at 07:06
  • @jonrsharpe Thanks for editing my poor English! – CRDeity Oct 26 '17 at 07:09
  • Every time you have a request like POST, GET, PUT, ..., send the token in the header for authentication on the server side – Akashii Oct 26 '17 at 07:17
  • @Akashii Yes! So I've used this approach, like `$rootScope.userInfo={user_id:'blah', user_token:'blahblahblah'}`, for all HTTP requests. But there are no problems and this info did not disappear even when pages were refreshed. So now I'm a little confused. – CRDeity Oct 26 '17 at 07:22

2 Answers

1

It's a very bad way to store raw user credentials in rootScope or cookies. However, you can achieve this by using a userToken or session given by the server side.

Example for userToken

  1. Send the user login request to the backend server
  2. The server returns a response with a userToken
  3. AngularJS stores the userToken in cookies
  4. Every time AngularJS sends a request to the backend, it must append this userToken (usually put in a header)

Example for session

  1. Send the user login request to the backend server
  2. The server returns the result (as the backend server will create the session on HTTP in the server itself)
  3. AngularJS can send requests to the backend normally (the backend will validate whether the session is valid or not before accepting the request)

So if the user refreshes the page or switches pages, you can call the backend server to validate the userToken or session.

Sh4m
  • Thanks for your answer. But I want to hear why this is a bad way. If `$rootScope` is not refreshed, this is not so bad, is it? – CRDeity Oct 26 '17 at 07:30
  • Still a bad way if you put **raw** credentials in $rootScope. Example: `$rootScope.username = 'CRDeity'; $rootScope.password = 'thisismypassword';`. At least get an encrypted value to store in $rootScope. – Sh4m Oct 26 '17 at 07:57
  • Okay. You mean the reason is that it is not encrypted, right? But if it is stored in a cookie, it can be seen when the developer window is opened, can't it? – CRDeity Oct 26 '17 at 08:11
  • You can still view the cookie value through the developer window, unless you encrypted the value. – Sh4m Oct 26 '17 at 08:17
  • Then, if the info has not been serialized, both are bad ways? Following your answer, these are actually almost the same. So without encrypting the info, it seems like both ways are not good. – CRDeity Oct 26 '17 at 09:09
  • Yup, you should encrypt the value. But if you encrypt/decrypt from AngularJS code, I think it is not secure enough. Let the server side do the encrypt/decrypt. – Sh4m Oct 26 '17 at 10:09
  • 1
    Thank you very much for your answers to my several questions. I really appreciate it. – CRDeity Oct 27 '17 at 02:03
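
The userToken flow from the answer above, as an added example that is not code from the thread or from AngularJS. It runs under Node.js against a constructed in-memory backend; `createBackend`, `createAuthClient`, `snapshot` and the `Authorization: Bearer` header format are assumptions chosen for illustration.

```javascript
const { randomBytes } = require('crypto');

// Constructed in-memory stand-in for the backend server (assumption).
function createBackend(users) {
  const db = new Map(Object.entries(users)); // a real server stores password hashes
  const sessions = new Map();                // userToken -> user id, server-side only
  return {
    login(userId, password) {
      if (typeof password !== 'string' || db.get(userId) !== password) {
        return { status: 401 };
      }
      const userToken = randomBytes(32).toString('hex'); // opaque and unguessable
      sessions.set(userToken, userId);
      return { status: 200, userToken };
    },
    request(path, headers) {
      const m = /^Bearer ([0-9a-f]{64})$/.exec(headers.Authorization || '');
      const userId = m ? sessions.get(m[1]) : undefined;
      return userId ? { status: 200, body: path + ' for ' + userId } : { status: 401 };
    },
    revoke(userToken) { sessions.delete(userToken); } // logout or forced expiry
  };
}

// Client-side holder (hypothetical name): it keeps the userToken, never the password.
function createAuthClient(backend) {
  let userToken = null;
  return {
    login(userId, password) {
      const res = backend.login(userId, password); // password is used once, not stored
      userToken = res.status === 200 ? res.userToken : null;
      return res.status === 200;
    },
    get(path) {
      // Step 4 of the token flow: attach the token to every request header.
      const headers = userToken ? { Authorization: 'Bearer ' + userToken } : {};
      const res = backend.request(path, headers);
      if (res.status === 401) userToken = null; // server rejected it: drop the token
      return res;
    },
    isLoggedIn() { return userToken !== null; },
    snapshot() { return JSON.stringify({ userToken }); } // everything the client holds
  };
}
```

Anything readable from client state here is only a token the server can revoke, whereas a password kept in `$rootScope` or a cookie stays valid until the user changes it.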
-2

$rootScope will be vulnerable if you are storing sensitive data. Instead, use localStorage for storing user credentials with encryption, using some encryption algorithm and key, and, as mentioned above, create a service to get and set values.

Dnsh