Joined June 2014

Richard McDaniel


@getuliodtj No, not really. That's what exceptions are for. You should wrap the code in a try/catch block and handle any exceptions that it throws.


  1. Don't actually put your secret key in the code. Store it as an environment variable or define it inside an included file outside of the web root.

  2. Don't have error messages enabled on production. You should be showing users a generic friendly error message with no technical details.

Thanks for this. I have found $q to be really useful in AngularJS and promises are a very useful design pattern when dealing with asynchronous services.

The server doesn't need to store the token. The server only needs to remember the secret key that the token was signed with. That would be most likely stored in some sort of configuration.php and would not change often.

654 Karma
181,944 Total ProTip Views
Interests & Skills