1

I would like to gather some feedback on how best to handle access control within a web application that has a requirement for offline use.

The app must have access control via username/password but must be available for offline use. That means that the first time the user logs in, the user must have an internet connection. Once logged in the app will set an acl cookie followed by caching all assets through cache manifest.

Is this a solid approach and what other methods have you used to solve this issue?

Thank you in advance for all your feedback.

Upworks
  • 267
  • 2
  • 15

1 Answers1

1

Answering quite late but even if you no longer need it someone else will...

Once offline, you need to store all access info on the device. It will be accessible by third parties so there will be a matter of time before someone will have access to all your app content. I explain to clients that once you publish something for offline use, it's there for anyone to see. You can implement some basic login but unless you use an online service, it's not going to be any secure...

Giving that, use local storage to keep track of initial login. Then, refresh it every so often when device goes online.

NickOpris
  • 509
  • 2
  • 8
  • 20