
I'm thinking of making a web application using AngularJS.
However, I don't quite understand how login and sessions work, which is the first hurdle.

So I thought about it myself and summarized it in a diagram.

I think it looks like this. Is that correct?

And when you actually code, do you have a vivid mechanism like the one in the figure? Is it okay to assemble?

In the end I think, "Now it's completely secure!", but then I end up wondering how people who build other web applications make their security perfect.

I looked at various sites, but I couldn't understand them.

I wonder if I should just assemble this obediently ...
(Of course, when you send information, it is SSL communication with POST, and the session ID is stored in a cookie)

  • Answer #1

    This isn't just about sessions: if you come across a term you don't understand, first try to find out what its definition is. The term "session" is widely used in various situations, so you can also refer to easy-to-understand articles written for other languages.

    It's a PHP article, but I think it's an article that answers this question.

    In the end I think, "Now it's completely secure!", but then I end up wondering how people who build other web applications make their security perfect.

    It is not as perfect as those who think "Security is perfect!" believe. Security isn't perfect in the first place. As an example, we often hear news of incidents caused by unauthorized access to apps such as large web applications.

    I wonder if I should just assemble this obediently ...
    (Of course, when you send information, it is SSL communication with POST, and the session ID is stored in a cookie)

    I'm not sure whether this is a question or a soliloquy, but I think it's a bit dangerous to consider and implement only this part. There are more detailed articles and books on security that cover the actual code and what measures to take, so I think it is necessary to relearn from there.
    Since the questioner will probably be posting new questions about security in the future, please keep in mind that this is a free Q&A site: even if you get an answer, don't place absolute trust in it, and the respondents are not responsible.