2015-11-01 21:32


So, I am creating this website that sets the sessionStorage variable 'logedIn' to true when the user successfully logs in, like this:

sessionStorage.setItem('logedIn', 'true')

That variable is used on the other webpages to see if the user is logged in before showing content, so that users who aren't logged in can't have access to the webpage. It works like a charm, but I have noticed that if I manually type the code in the Google Chrome console, I can easily change the session variable. This is obviously not wanted.

My question is: how can I resolve this problem?

PS: the reason why I don't use PHP session variables is because the login procedure is done with JavaScript. When the login button is pressed, AJAX sends the given credentials to a PHP script, which checks the database. If it is successful, it sends back a code to the AJAX complete function, which sets the variable. If you have a better method of doing what I need to do, you are very welcome ;)

Thanks, Zeno



  • doukang1962, 6 years ago

    You can't, and it's not safe. After the AJAX result, you should set cookies and validate them on every page on the server side.

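The approach from the answer above, as an added example that is not part of the original post: the AJAX login endpoint stores the login state in a server-side PHP session, and every protected page checks that session before producing output. The function names, the `user_id` session key and the `$check_credentials` callback are assumptions for illustration; the array form of `session_set_cookie_params` needs PHP 7.3 or later.

```php
<?php
// Added example; function names and the 'user_id' key are hypothetical.
declare(strict_types=1);

function start_secure_session(): void {
    // The cookie carries only an opaque session ID. HttpOnly keeps it
    // away from page scripts, so the console cannot read or forge state.
    session_set_cookie_params([
        'lifetime' => 0,        // expires when the browser closes
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Called by the script that receives the AJAX login request.
// $check_credentials is a hypothetical callback wrapping the database
// lookup; it returns the user's id on success or null on failure.
function handle_login(string $user, string $pass, callable $check_credentials): array {
    start_secure_session();
    $userId = $check_credentials($user, $pass);
    if ($userId === null) {
        return ['ok' => false];
    }
    session_regenerate_id(true);     // fresh ID after login blocks session fixation
    $_SESSION['user_id'] = $userId;  // login state lives on the server only
    return ['ok' => true];
}

// Called at the top of every protected page, before any output.
function require_login(): int {
    start_secure_session();
    if (!isset($_SESSION['user_id'])) {
        http_response_code(401);     // no valid session: refuse to render
        exit('Not logged in');
    }
    return (int) $_SESSION['user_id'];
}

// Login endpoint:  echo json_encode(handle_login($u, $p, $lookup));
// Protected page:  $currentUserId = require_login();
```

The `sessionStorage` flag can remain for cosmetic purposes such as toggling menu items, since changing it in the console no longer grants access to anything the server renders.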