Methods of saving user info in AngularJS

Question

I want to know about the ways of saving user info.

Many seniors have recommended using $cookieStore , or Authentication or etc.

But how about using $rootScope ?

My idea is when user has logged in, saving his/her id and password into $rootScope .

(Naming like $rootScope.user_id = 'stupid'; )

Is this dangerous way?

I don't know whether this question is duplicated or not, but I couldn't find one talking about using $rootScope .

.

.

UPDATE

My config is like below.

'root controller' can see every scopes, so even if I refreshed pages,

$rootScope value does not disappear.

$stateProvider
.state('root.login',{
    url: '/login',
    controller: 'LoginCtrl',
    templateUrl: 'views/login.html'
})
.state('root.signup',{
    url: '/signup',
    controller: 'LoginCtrl',
    templateUrl: 'views/signup.html'
})
.state('root.main',{
    url: '/main',
    controller: 'MainCtrl',
    templateUrl: 'views/main.html',
})

Answer 1

Its very bad way to store raw user credential in rootScope or cookies. However you can archive this by using userToken or session given by server side.

Example for userToken

1. send user login req to backend server
2. server return response userToken
3. angularjs store userToken in cookies
4. everytime angularjs req to backend, must append with this userToken(usually put in header)

Example for session

1. send user login req to backend server
2. server return result (as backend server will create session on http in server itself)
3. angularjs can send req to backend normally ( backend will validate whether session is valid or not to accept the req)

so if user refresh the page or switch the page you can call backend server to validate the userToken or session.

Answer 2

如果您存储敏感数据，$ rootScope将很容易受到攻击，而不是使用localstorage通过使用某些加密算法和密钥的加密来存储用户凭据，并如上所述，创建服务来获取和设置值。