Question
I'm currently building an authentication module and I've got a question. I have set up a server with an API and want my users to authenticate to this server, but I use AngularJS for the site. Everything with AngularJS is client side, so I was wondering how to set the user ID without anyone being able to just change it and pretend they're someone else.
The way I'm thinking of doing this is that when a user logs in on my app, I create a random string on my server and hash it. I then send it to the app and store it both in the app's local storage and in the database on my server, and I have the app include it with all requests. This way, when someone makes a request I can just check that the string they send is the one in my database; when a user logs out, I clear local storage and remove the string from my database. I create a new string when they next log in.
Is this a good idea? Maybe this is the normal way to go, but I couldn't find any free authentication solutions on the Internet. Since this app will probably have a lot of traffic, I'm not willing to pay for every connection to my server.
Explanation / Answer
The system you're describing sounds a lot like standard cookie-based authentication/session management systems, in that you authenticate the user and then provide a session token to them which allows you to identify requests from that user for the duration of their session.
Whilst you could implement this manually, I would recommend against it, as there are quite a few potential pitfalls and things to know about getting session management correct and it would be easy to get it wrong and leave your application vulnerable to common session management attacks.
You haven't said what you're using to provide server-side logic for your application, but for example if you're using something like Node.JS, then there are session management modules available in npm (for example Mozilla Client Sessions).
In general, if you search for 'session management (your server-side framework)' I'd expect you'll find a number of modules which implement the needed functionality.