Requirement: A project that completely separates the front-end and back-end, only interacting through API. After the user successfully logs in, the back-end writes the user's name and permissions into a cookie, and the front-end gives different users different permissions based on the cookie
Thinking: Writing permissions to cookies is easy, but how to ensure security?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Applications written in angularjs must verify user permissions on both the front and back ends. Because angularjs is a single-page application, all codes are on the front end, and users can modify them at will. Please refer to: https://blog.coding.net/blog/techniques- for-authentication-in-angular-js-applications
Put a SessionID in the cookie, and put other user and permission-related data in the cookie. Users can basically log in without entering their username and password.