How to develop an AngularJS interceptor to control session
If you want a token based control you can do something like this:
Your interceptor:
```javascript
angular.module('yourApp').factory('YourHttpInterceptor', ['$q', '$window', function($q, $window) {
  return {
    'request': function(config) {
      config.headers = config.headers || {};

      // If you have a token in local storage for example:
      if ($window.localStorage.token) {
        // Add the token to "Authorization" header in every request
        config.headers.Authorization = 'Bearer ' + $window.localStorage.token;
        // In your server you can check if the token is valid and if it's not,
        // in responseError method you can take some action
      }

      // Handle something else

      return config;
    },

    // Optional method
    'requestError': function(rejection) {
      // do something on request error
      // (if you can recover from it, return a response or a new promise here)
      return $q.reject(rejection);
    },

    // Optional method
    'response': function(response) {
      // do something on response success
      return response;
    },

    // Optional method
    'responseError': function(rejection) {
      // Here you can do something in response error, like handle errors,
      // present error messages etc.
      if (rejection.status === 401) { // Unauthorized
        // do something
      }

      // (if you can recover from it, return a response or a new promise here)
      return $q.reject(rejection);
    }
  };
}]);
```
And in your module config register the interceptor:
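```javascript
// The second argument ([]) creates the module, so this definition
// must run before the factory above is registered on it.
angular.module('yourApp', []).config(function($httpProvider) {
  $httpProvider.interceptors.push('YourHttpInterceptor');
});
```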
As you can see in this post, token-based authentication follows these steps (almost always):
- The client sends its credentials (username and password) to the server.
- The server authenticates them and generates a token with an expiration date.
- The server stores the previously generated token in some storage with user identifier, such as a database or a map in memory.
- The server sends the generated token to the client.
- In every request, the client sends the token to the server.
- The server, in each request, extracts the token from the incoming request, looks up the user identifier with the token to obtain the user information to do the authentication/authorization.
- If the token is expired, the server generates another token and sends it back to the client.
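
The interceptor in the answer above adds the token to every request `$http` makes, including template fetches and calls to other origins. The following is an added example, not part of the original answer: the same `request`/`responseError` logic limited to one API origin and path prefix, written as plain functions that an AngularJS factory could return. The names `isApiRequest`, `createTokenInterceptor`, `apiOrigin`, `apiPrefix` and `onUnauthorized` are assumptions, and `storage` is anything with the `localStorage` `getItem`/`removeItem` methods.

```javascript
// Added example (hypothetical helper names). Decides whether a request URL
// belongs to the API that is allowed to receive the bearer token.
function isApiRequest(url, pageUrl, apiOrigin, apiPrefix) {
  var target;
  try {
    // Resolve relative URLs ('/api/users', 'views/home.html') against the page.
    target = new URL(url, pageUrl);
  } catch (e) {
    return false; // unparsable URL: never attach credentials
  }
  return target.origin === apiOrigin &&
         target.pathname.indexOf(apiPrefix) === 0;
}

// Builds the interceptor object. $q only needs a reject() method here;
// opts = { apiOrigin, apiPrefix, onUnauthorized } are assumed settings.
function createTokenInterceptor($q, storage, pageUrl, opts) {
  function toApi(url) {
    return isApiRequest(url, pageUrl, opts.apiOrigin, opts.apiPrefix);
  }
  return {
    request: function (config) {
      config.headers = config.headers || {};
      var token = storage.getItem('token');
      // Send the token only to the API, not to templates or third parties.
      if (token && toApi(config.url)) {
        config.headers.Authorization = 'Bearer ' + token;
      }
      return config;
    },
    responseError: function (rejection) {
      var cfg = rejection.config || {};
      // React to 401 only when it comes from the API that issued the token.
      if (rejection.status === 401 && toApi(cfg.url)) {
        storage.removeItem('token');     // the server rejected it: drop it
        opts.onUnauthorized(rejection);  // e.g. redirect to the login view
      }
      return $q.reject(rejection);
    }
  };
}
```

Inside the factory this would be called with the injected `$q`, `$window.localStorage` and `$window.location.href`.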