im trying to build a rest api using php(silex) and angularjs. I have problem with backend becouse it's not my good side, im front-end dev so angular is easy and understandable for me but unlike php. I dont have idea to good security my token auth. I thought about jwt-php, but this not solve my problem becouse i dont know where i should store my jwt token. In cookies, session or db? Or where?
I thought about db, but it's making next problem. Namely, when pass and login are correct send to table(tokens) our generate jwt token and id user. And every request from angular http interceptor. and before every request i should check header token and db token with id user to auth. If correct, let's next, else 401 header. It's my idea for this.
But I should store global id logged user to identify with token (so where, cookies?) But when we close the browser this token what we passed it still in db, its my second question, what i should do.
What are the best practies to store,use tokens? I understand tokens from client, but i dont know what i should do with backend.
Thanks.