My AngularJS application is designed to use localStorage to save the JWT authentication token returned from the backend after authentication. For each request (POST, GET, etc.) going to the backend, the application uses an interceptor to associate the token with the backend. This process worked well until I ran into the following problems:
1. My manager does not allow using localStorage to save the username and JWT authorization token, since they will be saved in the browser if the user does not intentionally exit the application (which clears the cache from localStorage). If the user closes the browser without logging out, the cache will remain in localStorage.
2. Because of Problem 1, I switched to using sessionStorage to save the username and JWT auth token. However, this causes additional problems when users right-click on certain links to open the application in a new tab or a new browser window. In a new tab / window, the application cannot see that the user is authenticated, and the backend requests are refused (401 error), because the application cannot find the JWT authentication token in sessionStorage in the new tab / window.
3. If I cache the username and JWT authentication token as variables in the JavaScript code, the application will lose them if the user refreshes the browser.
So these are my dilemmas in using the JWT authentication token in Angular. Are there any better solutions for handling these requirements: localStorage must not be used, and the application should continue to use the same JWT authorization token in a new tab or in a new browser window? Thanks!