0

I'm currently building a website which needs to handle user authentication. I'm already able to register users and do requests which are restricted only to certain users. However, in order to do this, I always need to add an authorization header in all requests. Right now I'm doing this using javascript with XMLHttpRequest.

This setup seems to work as long as the user navigates the website through the UI I've developed. However, with this approach the user will have to sign in again every time he accesses the website by typing the address in the address bar.

So my question is, how can you login a user automatically after he types the address in the address bar? Must I use cookies in order to implement this? Does it make sense to mix cookies and tokens for this use case?

user2100776
  • 81
  • 1
  • 9
  • Yes, this is what cookies are for. – Viktor Sec Apr 18 '17 at 11:15
  • That is most common yes. You can check [this question](http://stackoverflow.com/questions/244882/what-is-the-best-way-to-implement-remember-me-for-a-website) for useful information. – Ivar Apr 18 '17 at 11:15

1 Answers1

1

Create a token at login , save it as cookie and on every page you call a method (with onload) which checks the token. If the token has permission continue, else throw user back to login.

SpaceNinjaApe
  • 312
  • 1
  • 13
  • In the end, all what I needed was to use onload on the body to check if the user is logged in or not. I didn't need to use cookies since the logged-in user is stored in the local storage. (Using AWS Cognito for JavaScript) – user2100776 Apr 25 '17 at 14:13