sidling1 / ventureup


[Bug]: Cookie saving system can be surpassed easily #25

Open sidling1 opened 4 months ago

sidling1 commented 4 months ago

The user authentication system currently stores cookies upon login of the user, and removes that cookie on logout.

Hence, on loading any page, it first checks if the cookie is present; only then does it get permission to view that page.

But this is not correct according to me since anyone can create temporary cookies for their browser and thus access the information.

Probably do something like having cookies but saving the user_id or something in them that can be verified every time we run the application.
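
One way to implement the check the issue proposes, as an added example that is not part of the original issue or the ventureup code: the cookie carries the user_id plus an HMAC computed with a server-side key, so the server rejects any cookie it did not issue. The function names, the cookie name `session`, the cookie layout and the one-hour lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side secret; a real deployment loads it from configuration.
SECRET_KEY = secrets.token_bytes(32)
MAX_AGE_SECONDS = 3600  # constructed session lifetime


def presence_only_check(cookies):
    """Behaviour described in the issue: any cookie with the right name passes."""
    return "session" in cookies


def _sign(payload):
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_cookie(user_id, now=None):
    """Build 'user_id.issued_at.signature' at login."""
    issued_at = int(time.time() if now is None else now)
    payload = f"{user_id}.{issued_at}".encode()
    return f"{user_id}.{issued_at}.{_sign(payload)}"


def verify_cookie(value, now=None):
    """Return the user_id if the cookie is authentic and fresh, else None."""
    try:
        user_id, issued_at, signature = value.rsplit(".", 2)
        age = int(time.time() if now is None else now) - int(issued_at)
    except ValueError:
        return None  # wrong shape or non-numeric timestamp
    expected = _sign(f"{user_id}.{issued_at}".encode())
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        return None
    if age < 0 or age > MAX_AGE_SECONDS:
        return None
    return user_id
```

A signed cookie stays valid until it expires even after logout deletes it from the browser, so keep the lifetime short or pair it with a server-side session record that logout removes.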