0

When user presses the login button, I redirect to usercontroller.php and obtain jwt token from API. 

$result = $this->obtainAccessToken($request->email, $request->password);

then I put the JWT token and user info to session.

Session::put('user', $result);

then redirect user to home page.

return redirect(route('home'));

Everything is ok.

I can access that token and user info in view (blade) pages using

Session::get('user');

But sometimes I need to request jQuery ajax to server. But I dont have token info in my js files. How can I send that token info which is stored in session to js files?

Also I tried to store that info in Cookie like;

Cookie::queue('user', $result, 10);

But I couldn't access in jQuery using;

$.Cookie('user');

it returns undefined.

UPDATE

I found a way something like this; 

<meta name="token" content="{{ Session::get('user')->token }} />

and access using jQuery

$('meta[name=token]').attr('content);

but is it safe method?

Improve this question
2
  • I don't know what a JWT token is. If it must not be publicly displayed, then there is no safe way to pass it to any AJAX call. Otherwise it's good :) Commented Feb 25, 2020 at 7:57
  • A jwt token is a common json web token which is send with a request. There exists a package called "jwt-auth". Commented Feb 25, 2020 at 8:06

1 Answer 1

Reset to default
1 
but is it safe method?

Yes, it is. It's the common way you would also choose if you do a ajax-request on your api.

The only thing that could happen is, that the api returns an error code 219 (session expired), when the token is false.

Cheers,

Niklas

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.