Is your feature request related to a problem? Please describe.
I am building a web app with public, user, and admin levels of navigation links. This means a normal user can only view links up to the public and user levels. The records shown are also filtered by the session's 'email' variable (e.g. select *... from x_record where email = .user).
But later I tried a little hack on my own web app by turning on Chrome developer tools > Application > Session Storage > update session vars
"email" > to other member email
"role" > from "member" to "admin"
then I was able to view the "admin" level navigation and even access the content.
Describe the solution you'd like
Is there a way to prevent session variables from being overwritten? With that I can secure my application.
Describe alternatives you've considered
... I still couldn't figure out if session vars can be so easily modified by Chrome
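Anything kept in the browser's Session Storage can be edited by the user, so the role and email checks have to be enforced on the server. The following is an added example, not code from the original post or from the framework it concerns: it assumes a Node.js back end that hands the browser an HMAC-signed token, and every name in it (`SERVER_KEY`, `issueSession`, `verifySession`, `listRecords`, `simulateClientEdit`) and the sample records are hypothetical.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

// Secret that never leaves the server; the browser only sees the signed token.
const SERVER_KEY = randomBytes(32);

function sign(payload) {
  return createHmac("sha256", SERVER_KEY).update(payload).digest("base64url");
}

// Called after a successful login: email and role come from the user database.
function issueSession(email, role) {
  const payload = Buffer.from(JSON.stringify({ email, role })).toString("base64url");
  return `${payload}.${sign(payload)}`;
}

// Returns the claims only if the signature matches; edited tokens yield null.
function verifySession(token) {
  const [payload, mac] = String(token).split(".");
  if (!payload || !mac) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
}

// Constructed sample data standing in for the x_record table.
const RECORDS = [
  { email: "alice@example.com", item: "invoice-1" },
  { email: "bob@example.com", item: "invoice-2" },
];

// Server-side handler: identity and role are taken from the verified token only,
// never from a value the browser can rewrite.
function listRecords(token, wantAdminView = false) {
  const claims = verifySession(token);
  if (!claims) return { status: 401, rows: [] };
  if (wantAdminView && claims.role !== "admin") return { status: 403, rows: [] };
  const rows = wantAdminView ? RECORDS : RECORDS.filter((r) => r.email === claims.email);
  return { status: 200, rows };
}

// Reproduces the DevTools edit from the report: the stored values change,
// but the signature cannot be recomputed without SERVER_KEY.
function simulateClientEdit(token, changes) {
  const [payload, mac] = token.split(".");
  const claims = { ...JSON.parse(Buffer.from(payload, "base64url").toString("utf8")), ...changes };
  return `${Buffer.from(JSON.stringify(claims)).toString("base64url")}.${mac}`;
}
```

With this in place, changing "role" or "email" in the browser only changes which links the page draws; the server answers 401 for the edited token and 403 for a member asking for the admin view.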