Hi Pāvils, I assume you mean a https-only cookie? That would do. I slightly prefer localstorage, and avoid cookies altogether. I agree on the 'closed' gate idea. You can set up your express server to demand the token for everything, with exception of the things you need to get for login. Best practices depend mostly on the router (or lack of one). If you are using auth, passportjs has your moslty covvered.
Regards Sander -- You received this message because you are subscribed to the Google Groups "Angular" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
