Closed Javi510348 closed 7 months ago
After some research, we found out that using "LocalStorage" for saving the user_id and creating a session wasn't the best option due to some security concerns that could exist. This is because the data could be easily accessed through the browser by using the developer tools. For that reason, we used the Node.js module called "express-session", which creates the session for us. Since this is used as middleware, whatever changes are made to the session in any file in the project will still be applied to the session. That means that once we confirm that the user has logged in to his account, we will save the user's id to the session, and we can use that id to confirm whether the user is logged in.
Another thing done is that I created a function in "index.js" called Authentication, which is responsible for checking whether the user is logged in or not; if the user is not logged in, it will redirect the user to the login page. This way we ensure that the user cannot access anything that he is not supposed to.
If you have any questions, please let me know.
Objective
Create a user session once the login process is finished.
Description
We need to create a user session once he logs in to the account. Currently, in the project there is no way to manage or create a user session once he logs in. In other words, the system doesn't really know that a user wants to create a session. For that reason, we need to create a session by saving the user_id returned from the login and use it in every view, so we know that the user is using his account in the system.
Implementation
To implement this task, we need to create a session with the Node.js module "express-session", which will be in charge of saving the user_id that we get once the user finishes the login process. By saving the id, we should be able to identify the user in the system while he is browsing the webpage. It's possible that some modifications are going to be required in almost every view currently available in the project, so we can make sure that the system knows that the user is currently logged in. We will know this by looking at the "express-session" session and checking whether there is an element inside it with the name "user_id". Once all of this is implemented, we should be able to make the process of adopting and editing a profile easier, because everything will be done automatically and there will be no need to hard-code some sections to make it work.
Deadline
April 19, 2024
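The session flow described in this issue, as an added sketch (not the project's own code): express-session keeps user_id on the server, and the browser holds only a session-id cookie that page scripts cannot read. The option names and the `req.session` methods are express-session's; the helper names, the `/login` and `/profile` routes, the `SESSION_SECRET` variable and the fake request/response objects are assumptions made for illustration.

```javascript
// Added example; helper names, routes and SESSION_SECRET are assumptions.
// Options for express-session. The cookie carries only the session id;
// user_id stays in the server-side store, out of reach of page scripts.
const sessionOptions = {
  secret: process.env.SESSION_SECRET, // assumed env var with the signing secret
  resave: false,
  saveUninitialized: false,           // no session cookie before login
  // secure: true assumes the site is served over HTTPS
  cookie: { httpOnly: true, secure: true, sameSite: "lax", maxAge: 30 * 60 * 1000 },
};

// Call after the credentials check succeeds. regenerate() issues a fresh
// session id, so an id planted before login cannot be reused afterwards.
function startUserSession(req, userId, done) {
  req.session.regenerate((err) => {
    if (err) return done(err);
    req.session.user_id = userId;
    done(null);
  });
}

// Route guard in the role of the issue's Authentication function.
function Authentication(req, res, next) {
  if (req.session && req.session.user_id != null) return next();
  return res.redirect("/login");
}

// Logout: drop the server-side session, then send the user to login.
function endUserSession(req, res) {
  req.session.destroy(() => res.redirect("/login"));
}

// Wiring in index.js (needs express and express-session installed):
//   app.use(session(sessionOptions));
//   app.get("/profile", Authentication, profileHandler); // hypothetical route

// Constructed stand-ins for req/res so the logic can be exercised offline.
function fakeRequest(initial) {
  const req = { session: null };
  const fresh = (data) => ({
    ...data,
    regenerate(cb) { req.session = fresh({}); cb(null); },
    destroy(cb) { req.session = undefined; cb(null); },
  });
  req.session = fresh(initial);
  return req;
}
function fakeResponse() {
  return { redirectedTo: null, redirect(url) { this.redirectedTo = url; } };
}
```
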