Davide Violante

I agree, I've been using this extension for long since some days ago that I had to uninstall it becaose it now returns several errors just for local files (Angular...

The session of the login is already mantained with the token in localstorage. Each user that login have its own token.

> But the data of one user is visible to other What do you mean? Tell me what you need to do in details.

The user data is private, the cat page and data is visible to all users, including the guests. I though about the cats as the "products" that can be seen...

It's not that simple, I just gave you an hint. Every time you do the add new cat you should update the cats array of the user that added that...

On the backend you need to add a new middleware to the endpoints you want to secure. `app.get('/api/orders', authMiddleware, function(req, res) {...} )` That middleware should verify that there is...

You can also use [express-jwt](https://github.com/auth0/express-jwt) ```ts isLogged = expressJwt({ secret: process.env.SECRET_TOKEN, algorithms: ['HS256']}); ``` ```ts router.get('/something', isLogged, userCtrl.something); ``` I keep the issue open to let others see the solutions....

I think express-jwt is tested itself so you don't need to but if you want more freedom I support the solution of @simon-hardy above and test just that function alone.

I think you should use Angular Universal.

Some news about Universal: https://blog.angular.io/angular-5-1-more-now-available-27d372f5eb4e Seems like with a single command you can add universal to any project. I didn''t try it.