-
Notifications
You must be signed in to change notification settings - Fork 189
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request : Cookie storage option for auth data #483
Comments
Thanks for your feedback. I gonna take a look at it. |
First, I second @chatnuere's thanks :-) Second, my take on cookies vs localstorage:
So, if we'll go for cookies as just alternative storage, my opinion would be to not provide that option. I see cookies as adding extra risks for an unprepared user. And if an expert user knows why cookies are better, they should tell us & we'd use it then, not as an option but as the only way. If we'll use them in an entirely new way, however, that's another story. Needless to say, I'm not a security expert in any way. |
Hello, and thanks for this awesome plugin that saved me a lot of time !
I'm submitting a...
Current behavior
Local storage is the only way to store auth data
Expected behavior
Have an option to store auth data in cookies
What is the motivation / use case for changing the behavior?
Local Storage is accessible to any running javascript on the current page.
A lot of developers are warning about security issues :
I've never seen a big company using angular storing user authentication in local storage :
(https://www.madewithangular.com/)
I'm possibly wrong because i'm not a security expert, but if it is possible to have the choice in the options, that would be great.
Thank you and have a nice day :)
Environment
Angular-Token version: latest
Angular version: latest
Bundler
Browser:
Others:
The text was updated successfully, but these errors were encountered: