0

I'm trying to build an auth process using angular.js

basically what I want to achieve is to set a session timeout after a certain period of idle.

I also want to expire the current session when a user logs in from another machine.

so in either case 1) idle timeout, 2) duplicate user log in, the server invalidates the token which leads to a 401 Unauthorized error to a user.

and I'm using a $httpProvider interceptor to catch that 401 error and display appropriate message to the user.

The problem is that I want to be able to tell whether the 401 came from 1) idle timeout or 2) duplicate user log in.

I put a flag in the backend as a session attribute but I can't retrieve the session attribute from the angular frontend.

so, my question is,

1) if it's possible for a javascript to read a session attribute 2) if not, what are the alternative ways to tell whether a status code 410 comes from 1) idle timeout or 2) duplicate user log in.

Thank you in advance!

Improve this question

1 Answer 1

Reset to default
1

No, angular runs on the client so it has no access to server side state.

That said, you can return information in the entity of the 401 response to distinguish between the 2 errors.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.