Hi, I’m new on Ionic and I’m building my first app, I’m trying to use routeguards to keep some routes secure the problem is than I store the token on localstorage And when a user Is logged in and open the app the dashboard page loads before than get token can resolve then the user is redirected to login page but when he arrives there the local storage is already resolve and the is redirected again to dashboard
Is there some way to load the local storage before the app starts or at least before than the first route try to use the route guard? Is there another better way to secure my routes? Could you please pint me in the right direction on this.
By the way I’m using Ionic 6, Angular and Capacitor 2
Thanks
This may end up being a much more complicated question than it sounds like at first.
The most important thing to understand here is what “keep some routes secure” can actually mean in the context of an Ionic app. If Joe Rando gets a copy of your app binary, there isn’t any feasible way to stop him from visiting every page in your app, route guards or no route guards. If that’s a problem, you need to reevaluate the design.
So what route guards can do is to deal with situations like “the user’s session timed out, and I need to redirect to the login screen so they can log in again”. Actual security has to be done server-side; there’s no reliable way to do this client-side, because anybody with physical access to the device with the installed app can access any feature of the app.
As for your timing concern, you have fundamentally three options here:
- land on the dashboard page, redirect to login page if not authenticated
- land on the login page, redirect to dashboard if authenticated
- land on a dedicated landing page, redirect to either login page or dashboard as appropriate
2 Likes