How to keep backend session information in Polymer SPA


I'd like to log in to a RESTful back-end server written in Laravel 5 from a single-page front-end application leveraging Polymer's custom elements.

In this system, the persistence (CRUD) layer lives in the server. So, authentication should be done at the server in responding to the client's API request. When the request is valid, the server returns a user object in JSON format, including the user's role for access control in the client.

Here, my question is: how can I keep the session when the user refreshes the front-end page? Thanks.

This issue is beyond Polymer, or even single-page apps. The question is how to keep session information in the browser. SPAs are a bit easier, since you can keep authentication tokens in memory, but traditional web apps have had this issue since the beginning.

You have 2 things you need to do:

  1. Tokens: You need a user token that indicates the user is authenticated. You want it to be something that cannot be guessed, else someone can spoof it. So the token had better not be "jimsmith" but something more reliable. You have 2 choices. Either you can have a randomly generated token that the server stores, so that when it is presented on future requests, the server can validate the token. This is how session managers work in app servers like nodejs sessions or Jetty session, etc. The alternative is something cryptographic, which the server only needs to validate mathematically, not check in a store to see if the token is valid. I did this for node in http://github.com/deitch/cansecurity but there are various options for it.
  2. Storage: You need some way to store the tokens client-side that does not depend on JS memory, since you expect to reload the page.

There are several ways to do client-side storage. The most common by far is cookies. Since the browser stores them without you trying too hard, and presents them whenever you access the domain the cookie was registered for, it is pretty easy to do. Many client-side and server-side auth libraries are built around them.

An alternative is HTML5 local storage. Depending on your target browsers and their support, you can consider using it.

There are also ways you can play with URL parameters, but then you run the risk of losing them when someone switches pages. It can work, but I tend to avoid that.

I have not seen any components that handle cookies directly, but it shouldn't be hard to build one.

Here is a gist with the cookie management code I use for a recent app. Feel free to wrap it to build a web component for cookie management... as long as you share alike!

https://gist.github.com/deitch/dea1a3a752d54dc0d00a

Update:

component.kitchen has a storage component here: http://component.kitchen/components/tylergarlick/core-resource-storage
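
The two token choices described in the answer, and a cookie to carry the token across a page reload, as an added Node.js example (not code from the answer, its gist, or cansecurity). All function names, the in-memory `Map` store, the cookie name `session` and the cookie attributes are assumptions made for illustration.

```javascript
const nodeCrypto = require("crypto");

// Choice 1: random, unguessable token that the server stores and looks up.
const sessions = new Map(); // assumption: in-memory store standing in for a real session store
function issueStoredToken(user) {
  const token = nodeCrypto.randomBytes(32).toString("base64url");
  sessions.set(token, user);
  return token;
}
function checkStoredToken(token) {
  return sessions.get(token) || null; // unknown or guessed tokens are rejected
}

// Choice 2: cryptographic token the server validates mathematically, with no store.
const SECRET = nodeCrypto.randomBytes(32); // server-side key, never sent to the client
function sign(body) {
  return nodeCrypto.createHmac("sha256", SECRET).update(body).digest("base64url");
}
function issueSignedToken(user, ttlSeconds, now = Date.now()) {
  const claims = JSON.stringify({ user, exp: now + ttlSeconds * 1000 });
  const body = Buffer.from(claims).toString("base64url");
  return body + "." + sign(body);
}
function checkSignedToken(token, now = Date.now()) {
  const [body, mac, extra] = String(token).split(".");
  if (!body || !mac || extra !== undefined) return null;
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  // Constant-time comparison; lengths must match before timingSafeEqual is called.
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  // The body is parsed only after its MAC has been verified.
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  return claims.exp > now ? claims.user : null;
}

// Storage: a Set-Cookie value so the browser keeps the token across reloads.
// HttpOnly keeps page scripts from reading it; Secure restricts it to HTTPS.
function sessionCookie(token) {
  return "session=" + token + "; Path=/; HttpOnly; Secure; SameSite=Lax";
}
```

With an HttpOnly cookie the SPA cannot read the token itself, so after a reload it would ask the server again for the user object and role.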

