jokosanyang
commented
5 years ago We will either do this or use a JWT to hide the info (stateless auth)
Open bobbysebolao opened 5 years ago
jokosanyang
commented
5 years ago We will either do this or use a JWT to hide the info (stateless auth)
It's really interesting to see how you've implemented cookies, our team didn't get around to implementing cookies. If you continue working on this project, on top of what you've done already I think you can store the cookie information in your database for added security. Currently, it's easy for someone to change the cookie logged_in value in Chrome Dev Tools. To prevent this, perhaps you could add a 'logged_in' column to the users table in your postgres database, and then every time a user logs in you can store their logged_in status in the database. I think this is what's known as stateful authentication.