
How to start using a progressive web app from login page when offline

I am trying to convert a Drupal 8 site to a progressive web app. I have cached all pages visited by a user using a service worker. Is it possible to cache the user login so that the user can start using the web app from the login page when offline?

Akshaya K T asked May 15 '17 13:05


1 Answer

Whichever way you implement it, there is always going to be a security risk.

Having said that, similarly to a native application, while you cannot cache the login service for obvious security reasons, you could keep the user logged in. This means that if they are not logged in, they are unable to log in, but if they have already logged in previously while connected, then you could keep them logged in.

If the application is working offline and we require authentication then the risks are that someone gets a hold of the device. Since there is no traffic over the network, then that minimizes the attack surface and there isn't the need to worry about MitM attacks or someone getting a hold of the authentication cookie by sniffing.

I think it would help to understand your exact use for authentication while offline. If we are talking about a shipping cart (or different user journey), I would suggest storing some form of encrypted token (based on the user ID + salt) that would be used to recognize the user. These would be added upon successful login while connected to the internet and used to distinguish which user is currently accessing the site.

If you require authentication to gain access to some confidential data, then I would recommend that you require a connection to view that data so that confidential data is never stored on the device. If it is stored locally, then there is a security risk irrespective of the authentication you have in place.

Kevin Farrugia answered Nov 15 '22 07:11
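
A sketch of the user-recognition token described in the answer above, added here as an example and not code from the answer or from Drupal. It swaps the "encrypted token" for an HMAC-signed one with an expiry, which the server checks when the device reconnects. The function names, the payload fields and the key handling are assumptions.

```javascript
// Added example: HMAC-signed "who is this" token for offline use.
// issueToken, verifyToken and readUserOffline are hypothetical names.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const decodeClaims = (payload) =>
  JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));

// Server side, after a successful online login. The key never leaves the server.
function issueToken(key, userId, ttlSeconds, now = Date.now()) {
  const payload = b64u(JSON.stringify({
    uid: userId,
    salt: b64u(randomBytes(16)), // per-token random value
    exp: Math.floor(now / 1000) + ttlSeconds,
  }));
  const mac = b64u(createHmac('sha256', key).update(payload).digest());
  return `${payload}.${mac}`;
}

// Server side, when the device reconnects and syncs its offline work.
function verifyToken(key, token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = createHmac('sha256', key).update(payload).digest();
  const given = Buffer.from(mac, 'base64url');
  // Compare in constant time; reject before parsing anything unauthenticated.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = decodeClaims(payload);
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// Client side, offline: the device holds no key and cannot check the MAC, so
// this only tells the UI whose cached data to show. It is not authorization.
// (Buffer is used so the file runs stand-alone under Node.)
function readUserOffline(token, now = Date.now()) {
  try {
    const claims = decodeClaims(String(token).split('.')[0]);
    return claims.exp > Math.floor(now / 1000) ? claims.uid : null;
  } catch {
    return null; // malformed or truncated token
  }
}
```

A token edited on the device still passes `readUserOffline` but fails `verifyToken`, so anything created offline has to be treated as unauthenticated until the server has verified the token on reconnect.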