简体繁体 English

AngularJS中会话存储，本地存储和Cookie之间的区别

[英]Difference between Session Storage, Local Storage and Cookies in AngularJS

原文 2014-10-03 03:39:41 7 2 javascript/ angularjs/ session/ cookies

I would like to dig down into Angular, and for that i would like to know the difference between Session Storage, Local Storage and Cookies. 我想深入研究Angular，为此我想知道会话存储，本地存储和Cookie之间的区别。

Problem Questions --- 问题---

1) $windows.sessionStorage can be used to store user session but the problem with it is, when you open something in a new tab it again ask the user to login. 1）$ windows.sessionStorage可以用来存储用户会话，但问题是，当你在新标签中打开它时，它再次要求用户登录。

2) Will Local Storage would be a solution to problem question 1 ? 2）本地存储是否可以解决问题1？ and if so, does that mean i need local storage and session storage both in my app or local storage will act as session storage as well. 如果是这样，这是否意味着我需要本地存储和会话存储在我的应用程序或本地存储中也将充当会话存储。

3) I am also working on Remember me on my login form - is it safe to store password and email of the user in the local storage for this, if not what is best way to do remember me in angular 3）我也在努力记住我在登录表单上记住我 - 将用户的密码和电子邮件存储在本地存储中是否安全，如果不是最好的方法记住我的角度

4) Cookies are great, but does corporate companies allow them on there browser? 4）Cookie很棒，但公司公司是否允许它们在浏览器上？

Hoping to find decent answers 希望找到合适的答案

Thanks 谢谢

2 个解决方案

1) It is correct that sessionStorage is temporary, and it has been designed to do so. 1） sessionStorage是临时的是正确的，并且它被设计为这样做。

2) Local storage will solve the issue of the login going away with a new browser session being opened or after waiting a long time, but no, localStorage will not act as a session cookie for browser requests. 2）本地存储将解决在打开新浏览器会话或等待很长时间后登录失败的问题，但不会， localStorage将不会充当浏览器请求的会话cookie。

3) Many different server side applications support encryption and tamper-resistant cookie support for applications. 3）许多不同的服务器端应用程序支持应用程序的加密和防篡改cookie支持。 That being said, it is always best not to store user passwords in the client, maybe a token perhaps that your server will recognize and be able to decrypt/decode and look up the correct user record. 话虽这么说，最好不要在客户端存储用户密码，也许是服务器识别并能够解密/解码并查找正确用户记录的令牌。

4) I would say nowadays yes, cookies are generally accepted to be safe, however that is always a possibility, and depending on your clients or audience you may have an issue there. 4）我现在说，是的，通常认为cookie是安全的，但这总是有可能的，并且根据您的客户或观众，您可能会遇到问题。 Also sessions won't work if cookies are disabled in the browser. 如果在浏览器中禁用了cookie，则会话也将无效。 (Though my outlook on this is speculation on a general population, ie: don't quote me on that) （虽然我对此的看法是对一般人群的猜测，即：不要引用我的话）

My recommendation for your needs is to set a session variable when the user encounters the page. 我对您的需求的建议是在用户遇到页面时设置会话变量。 Then store the result in localStorage or with a cookie, and then when the user returns to the application after the session has died, have some architecture set up to re-authenticate and re-assign the session automatically. 然后将结果存储在localStorage或cookie中，然后当用户在会话耗尽后返回应用程序时，设置一些体系结构以重新进行身份验证并自动重新分配会话。

Hope this helps! 希望这可以帮助！

Edit: Session Cookies are shared between browser tabs within the same window. 编辑： 会话Cookie在同一窗口中的浏览器选项卡之间共享。 However Session Storage has been pointed out not to be. 然而，有人指出会话存储不是。