Remember the logged in user in mobile device

Hello,

I created a login page on my mobile app using a Node.js file to test the credentials. If the credentials are correct you get to the homepage, but it doesn’t remember the logged-in user, so every time you clean the RAM you have to log in again.

Can someone suggest the best way to save the credentials, so that the user can log out only if he chooses to? And maybe help me with a link, video, or some code. I’m not familiar with local storage.

Any help is appreciated!

I’m using Ionic Angular [5] and Capacitor.

My code if needed
.ts file

senduserdata(){
    var dataToSend = {
      username:this.Username,
      password:this.Password,
      usertype:this.getSelectedSubject,
    }

    var url = 'https://mylink.heroku.com/login';

    this.http.post(url,{data:JSON.stringify(dataToSend)},{responseType: 'text'}).subscribe(
      (data)=>{
        alert(data);
        if(data === "Logged In Successfully!")
        {
          this.LoginCustomer();
          this.cartservice.setUsernameCustomer(this.Username);
        }
      }
    ) 
  }

node js file

//Login
app.post('/login', function (_req, res) {
    var data = JSON.parse(_req.body.data);
    var username = data.username;
    var password = data.password;
    var usertype = data.usertype;

    mysqlConnection.connect(function () {
        // Parameterized queries: the driver escapes the values bound to each "?",
        // so user input is never concatenated into the SQL text.
        var query, params;
        if(usertype ==="Customer"){
            query = "SELECT * from Customer Where Username = ? And Password = ?";
            params = [username, sha1(password)];
        }
        else{
            query = "SELECT * from Staff Where Username = ? And Password = ?";
            params = [username, password];
        }

        mysqlConnection.query(query, params, function (err, results, _fields) {
            if (err) {
                res.send(err);
            }
            else {
                if (results.length > 0 && usertype === "Customer") {
                    if(results[0].Subscription === "True"){
                        console.log("Found a record!");
                        res.send('Logged In Successfully!');
                    }
                    else{
                        console.log("Email not verified!");
                        res.send('Email not verified! Check your email for the verification email!');
                    }
                }
            }
        })
    })
});

This is precisely the problem that token-based authentication protocols like JWT are designed for. I would change your backend to return a signed JWT instead of “Logged In Successfully!” and store that on the phone. Do not store raw passwords on the device.


Noted!

How to store it on the phone?

Also, does the fact that I’m using an encrypted password make any difference? I’m going to use JWT anyway but wanted to know.

Hi, I recommend Local Storage.

Try it


Several options. Ionic Storage works anywhere, Capacitor-based options need device support.

You’re not, actually. SHA1 is a hash function, not encryption, and you’re doing the hashing on the server, so the password itself is sent in the clear (which means it’s absolutely imperative that you be using HTTPS here to communicate with the backend).

“An encrypted password” doesn’t really make any sense.


As rapropos said, it is better to get a JWT token from the login.
When a user signs up, you can hash the password and save it into the database, and when the user logs in, you can compare the hash and then return a JWT token to the front end.

NodeJs + JWT Token - JWT Authentication Tutorial - Node.js - YouTube
Idea on how to process and save the login with JWT - How to Handle User Roles in Ionic Apps with Guard & Directives - YouTube