1

So I've got a Rail application that is being served up a via Apache/SQL. The main website sits are www.railswebsite.com but also serves up flat data as JSON through its API. Now I want to set up an Angular app that lives on the same domain at www.railswebsite.com/angular/

My question is, would it be possible to just send the user to the rails app login page to set the cookie, redirect them to the angular app, and then just read the cookie within the Angular app to authenticate?

If so, is there an easy method for checking if a logged in state is set via the cookie and then using the ID to call the JSON file from the rails API I have set up?

I'm very green to Angular so I'm not really sure what the best approach would be or if something like this would even be possible. I figured using the already set cookie from the rails app would makes things a lot easier since I'm on the same domain already. Thanks

Mr. BigglesWorth
  • 1,530
  • 3
  • 18
  • 33
  • Using a "logged-in" flag sounds fairly insecure. If /angular is being served up by the rails app, can you restrict access to it on the backend? Any cookies will be sent automatically as long as the request is to the same domain. – c0bra Mar 11 '14 at 21:35
  • The angular app is basically just using a REST API that is built by the rails app so we have some flexibility in that sense. I figured that if the cookie was already set it wouldn't be much of an issue. The goal is that when a user is on the desktop version and logged in they can swap over to the angular/mobile version and remain logged in. – Mr. BigglesWorth Mar 11 '14 at 21:46
  • I saw the following post and I think this is what I want, but I'm not sure how to use the cookie to validate against the JSON feed for personal info. http://stackoverflow.com/questions/17982868/angularjs-best-practice-for-ensure-user-is-logged-in-or-out-using-cookiestore – Mr. BigglesWorth Mar 13 '14 at 18:44

0 Answers0