Laravel + AngularJS best practice to store sessions used for post request

Question

I am working on a Laravel + AngularJS application and fairly new to this kind of setup. I wanted to know what is the best practice to store sessions such as user id, email, name, etc. that would be passed onto forms or ajax calls.

Normally, in PHP/Laravel, one would store it using $_SESSION['userId'] or $this->session()->set('userId', $userId); and just get it on the PHP backend to be passed as a parameter when doing a post request.

But what is the best way for a Laravel + AngularJS setup?

Cookies? Localstorage?

I cross out cookies as it cannot handle much information. As for localstorage, I find it too exposed on the client side as it could be easily seen when you inspect it.

Any more recommendations?

Answer 1

Considering you are making a single page app you can use either cookies or localstorage or sessionStorage

localStorage stores information as long as the user does not delete them.

sessionStorage stores information as long as the session goes. Usually until the user closes the tab/browser.

cookies are simply cookies, which are supported by older browsers and usually are a fallback for frameworks that use the above mentioned WebStorages. cookies can store less and requires you to inform the user .

So the best practice would be to use localStorage since sessionStorage is tab based

Answer 2

If your application will be a SPA (Single Page Application) retrieve a token from your BE and store it on the Localstorage of browser. So that you may make a request with that token to get user data from your BE Api.

In SPA's it is not recommended to store your session on BE.

But if your application is heavly depends on BE and not behaves like SPA's using cookies is also appropriate way of doing it.

Answer 3

LocalStorage would be more efficient, mostly if your application are not coupled. When use logs in, you return all their data from Laravel and store it locally using angular. When they logout, you clear the local storage.