Session Handling in Angular JS, with Spring MVC

Question

I am creating a project in AngularJs at frontend and Spring MVC in backend.

Now assume when a used logged in and if he wants to update his information, for this i have created an api which request for emailid and update the rest object in database of that email id

Now i have some questions,

1.) I dont want to use CookieStore or others sessionStorage or localstorage (because of my personal vulnerability experience and also i want to use session only) in Angular, how can i do it in angular with Spring MVC.

2.) How can i retrieve the email id from session to update data?

3.)If a user goes to another page how can i maintain that session in another page, how can i check that session is there and user is authentic to see the page

Read a lot about it but unable to find the exact solution with session. Answer over there is manage it by cookieStore.or localstorage, Please help

Answer 1

Let's try and see what is happening here using cookies is the right way to this, you may think it is not safe but is the safest way to do it. With cookies you will be sharing the same session in all tabs, so you can handle in all tabs and share it.

There is also an alternative option and is using URL rewriting, quoting @vanje in this question in stackoverflow

the session is only identified via a URL parameter containing the session ID. So every internal URL of your web application has to be enhanced with this parameter using the method HttpServletResponse.encodeURL(). If you are using a web framework like Wicket, chances are good that this is already done for you.

Lets go now with the Angular JS - Spring MVC approach:

There is no need to access the session within the Angular JS front-end, if you need to use it and you are using JSP you may use scriplet to retrieve the information openening a <%= session.getAttribute("user") %> , but as I said there is no need to do this. You may call your function, and retrieve this information in your controller in Spring. You have a controller in angular JS that calls with http to your REST controller in Spring such like this. assuming that you save your user first in session:

$scope.getUserInfo= function () {
        $http.get(appContextPath +'/rest/getuser/').success(function (data) {
            $scope.user= data;
        });
    };

You may have a request mapping for the URL above:

@RequestMapping(value = "/rest/getuser", method = RequestMethod.GET)
@ResponseBody
public User getUserInfo (HttpSession session) {
    User nUser = session.getAttribute("user");
    return nUser;
}