Checking your sessions in JS website

I’m currently working on a website where, once logged in, the user has certain privileges, like downloading certain files, editing DB, etc.

Once the username and password have been confirmed (using JS fetch and checking a PHPMyAdmin DB), I’m using JS localStorage to let the Navigator know that the user has those privileges, and I’m opening a PHP Session for that user. The question is the following:

Is the localStorage enough or should I check the PHP session through fetch every time the user makes any relevant changes to the DB? How would you handle this situation?

hello and welcome to fcc forum :slight_smile:

  • any browser storage is “accessible” via JS, which means others can access it as well, which in turn becomes an issue for safety
  • using any “session library” would keep you safer than using “local storage” if it needs to be “security maintained”

perhaps also consider looking into the OWASP Top Ten for more in-depth reading about the security aspect, happy reading :slight_smile: OWASP Top Ten | OWASP Foundation
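
The difference between the two approaches in the thread, as an added example that is not part of the original posts or the asker's code: the server decides every privileged request from its own session record, so a localStorage flag edited in the browser changes nothing. The session store, the field names (`canEditDb`, `isAdmin`) and the requests are constructed for illustration; in the asker's stack the same check would sit in the PHP endpoint and read the PHP session.

```javascript
// In-process model of the server side (assumption: stands in for the PHP endpoint).
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Server-side session store: session id -> { user, canEditDb } (hypothetical fields).
const sessions = new Map();

// Called only after the server has verified the username and password.
function login(user, canEditDb) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  const sid = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  sessions.set(sid, { user, canEditDb });
  return sid; // sent to the browser as an HttpOnly cookie, not kept in localStorage
}

function logout(sid) {
  sessions.delete(sid);
}

// Handler for a privileged request. `request.body.isAdmin` models a flag the
// page copied from localStorage; the server never uses it for the decision.
function handleEditDb(request) {
  const session = sessions.get(request.cookies.sid);
  if (!session) return { status: 401, error: "not logged in" };
  if (!session.canEditDb) return { status: 403, error: "not allowed" };
  return { status: 200, editedBy: session.user };
}

// Constructed requests: what the server answers in each situation.
function demo() {
  const adminSid = login("alice", true);
  const userSid = login("bob", false);
  const results = {
    admin: handleEditDb({ cookies: { sid: adminSid }, body: {} }).status,
    // bob edited the localStorage flag in his own browser
    tamperedFlag: handleEditDb({ cookies: { sid: userSid }, body: { isAdmin: true } }).status,
    // no session at all, only the client-side flag
    flagOnly: handleEditDb({ cookies: {}, body: { isAdmin: true } }).status,
  };
  logout(adminSid);
  // the old session id is worthless once the server has dropped the record
  results.afterLogout = handleEditDb({ cookies: { sid: adminSid }, body: {} }).status;
  return results;
}

console.log(demo());
```

A localStorage value can still be used to decide which buttons the page shows; it just cannot be what grants the download or the DB edit.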