How to Secure Your User’s Data After Logout in Akita
Imagine a scenario where several users use the same machine to access your app. User A logs into your system and receives his user data. Soon after, user B uses the same machine to access the app and accidentally receives user A’s data.
The security risk described above can realistically happen, especially if you employ a caching mechanism to avoid HTTP calls.
The most common conditions that lead to this occurrence are:
- Both users use the same browser tab, and they didn’t refresh it between logins.
- Both users use the same browser, and their data was cached in local storage.
In both cases the underlying cause is failure to clear the store’s data after a user logs out.
The Solution
We need to clear the stores' data after logout. In Akita's latest version, we've added a new function that simplifies the process (credit to Daniel Netzer).
In order to enable it you should set the `resettable` option to `true`:

```typescript
import { akitaConfig } from "@datorama/akita";

akitaConfig({
  resettable: true
});
```
Now, you can call the `resetStores()` function in your service:

```typescript
import { resetStores } from "@datorama/akita";

class AuthService {
  logout() {
    resetStores();
  }
}
```
and Akita will take care of resetting the stores back to their initial state.
We recommend using this only if necessary. For example, if a full page refresh is made after logout, the in-memory stores are discarded anyway and there is no need to use it. By the way, like everything in Akita, it's tree-shakeable.
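To make the guarantee concrete, here is an added illustration (not Akita's source code) of what a registry of resettable stores has to do on logout: every store returns to a snapshot of its initial state, and any persisted copy is dropped so the second scenario above cannot replay the first user's data. The `ResettableStore`, `resetAllStores` and `logout` names are assumptions for this demo.

```typescript
// Added illustration, not Akita's implementation: a minimal registry of
// resettable stores and the logout step that clears both memory and storage.
const registry = new Map<string, ResettableStore<object>>();

// Assumed minimal store: keeps a serialized snapshot of its initial state so a
// reset cannot be polluted by in-place mutations made while a user was logged in.
class ResettableStore<T extends object> {
  private readonly initial: string; // immutable snapshot of the initial state
  private current: T;
  constructor(readonly name: string, initialState: T) {
    this.initial = JSON.stringify(initialState);
    this.current = JSON.parse(this.initial);
    registry.set(name, this);
  }
  getValue(): T { return this.current; }
  update(patch: Partial<T>): void { this.current = { ...this.current, ...patch }; }
  reset(): void { this.current = JSON.parse(this.initial); }
}

// Counterpart of the page's resetStores(): every registered store goes back to
// its initial state, so nothing from the previous session survives in memory.
function resetAllStores(): void {
  for (const store of registry.values()) store.reset();
}

// Logout resets in-memory stores and also drops the persisted copy (the
// "cached in local storage" case) so the next login cannot read stale state.
function logout(persisted: Map<string, string>): void {
  resetAllStores();
  persisted.clear();
}

// Constructed demo data: user A logs in, state is persisted, then A logs out.
interface SessionState { userId: string | null; email: string | null; roles: string[] }
const session = new ResettableStore<SessionState>("session", { userId: null, email: null, roles: [] });
const persisted = new Map<string, string>(); // stand-in for window.localStorage

function demo(): SessionState {
  session.update({ userId: "A-123", email: "a@example.test", roles: ["admin"] });
  persisted.set("AkitaStores", JSON.stringify({ session: session.getValue() }));
  logout(persisted);
  return session.getValue(); // what user B would see on the same machine
}
```

The returned state after `demo()` is the empty initial state, and `persisted` is empty, which is the property a logout path should be tested for.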
New Angular Meetup in Tel-Aviv
We’ll be hosting a meet-up entitled “Kickass Angular” where we’ll be showcasing the cutting edge technologies we use/have come up with. You’re welcome to join us if you’re in town 😀
Sign up and reserve a seat! 👇🏻