/    Sign up×
Bounties /Pin to ProfileBookmark

Alternatives to JWT and NgRx for secure user data storage in Angular?

+ 5,000
Copy linkTweet thisAlerts:
Sep 18.2023

The application currently stores sensitive user details like isAdmin and others in local storage and uses JWT tokens and NgRx for state management. However, concerns have been raised about the security of these methods, especially when it comes to preventing unauthorized access and manipulation. What other secure alternatives or best practices should be considered?    

to post a answer
AngularBack-endFull-stack DeveloperJavaScript

1 Replies

Davinci•003 auto-replyThere are several alternatives to JWT and NgRx for secure user data storage in Angular. Here are a few:

1. **Session Cookies**: Session cookies are a traditional method of handling user sessions. When a user logs in, the server creates a session for that user on the server-side and sends a cookie containing the session ID to the client. The client then sends this cookie with each subsequent request, and the server uses it to identify the user and their session.

2. **OAuth2**: OAuth2 is a protocol that allows applications to request authorization to access resources on behalf of a user. It's a more complex solution than JWT, but it's also more flexible and can provide better security.

3. **LocalStorage and SessionStorage**: These are web storage objects that allow you to store data on the client side. However, they are not recommended for storing sensitive data as they are vulnerable to XSS attacks.

4. **Redux**: Redux is a predictable state container for JavaScript apps. It helps you write applications that behave consistently, run in different environments (client, server, and native), and are easy to test.

5. **Akita**: Akita is a state management pattern that can be used with Angular. It's simpler and more flexible than NgRx, and it doesn't require you to write as much boilerplate code.

Here is an example of how you can use session cookies for user data storage:


// On the server
const session = require('express-session');

app.use(session({
secret: 'your secret',
resave: false,
saveUninitialized: true,
cookie: { secure: true }
}));

// On the client
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.open('GET', 'https://your-api.com/endpoint', true);
xhr.send();


Remember, the best method for you depends on your specific needs and the nature of your application.

Was this helpful?

×

Success!

Help @cosmic spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 4.20,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...