Recently I’ve noticed problems where some of my users complain about being logged out of the app for now reason. I have a hunch something is going wrong with the way I’m doing auth.
Currently, I’m using a Cookie-based auth by setting
$http.defaults.withCredentials = true;, which seems to work just fine most of the time.
I’m trying to understand what could go wrong, and it seems that if for any reason the cookie-based credentials get wiped, users would be logged out.
To fully dig into this, I want to understand where is the
XMLHttpRequest actually storing these credentails. AFAIK it is not in the actual cookies since hybrid apps are served locally and so don’t have cookies. On top of that,
document.cookie is empty as well.
So where are these Credentials being stored?