'where to store currentUser

I have a simple login system and when a user logs in in I store the users data in sessionStorage as "currentUser". But I discovered that it can be edited. I use google firebase by the way.

javascriptdatabasefirebase-realtime-database


Solution 1:[1]

What you would need to do is prevent easy manipulation. JWTs(as a pretty widely used standard) for example solve this by storing a signature on top of the actually relevant data.

If the signature doesn't match a newly generated signature for secret+data anymore, it'll be invalid. Make sure to not share the secret itself with the frontend, because pretty much everything can be read out.

More on JWTs: https://jwt.io/

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Björn Büttner

Related Questions

How do I return a list of all column titles in a table in SQLite? [duplicate]

How do I return a list of all column titles in a table in SQLite? [duplicate]

How do I return a list of all column titles in a table in SQLite? [duplicate]

What's the difference between " = null" and " IS NULL"?

SQLite extension in VSCode not showing tables

SQLite extension in VSCode not showing tables

What's the difference between " = null" and " IS NULL"?

SQLite extension in VSCode not showing tables

Get specific row col values from mysql using vb 2012

How to connect SQL Server with Rstudio?

MySQL Query error using UNION/UNION ALL and Group By

django.core.exceptions.ValidationError: ['“” value must be a decimal number.']

recursive tree as a list (array items) in a new attribute value child

Warning: sqlite_query() expects parameter 1 to be resource, string given

How to convert XML columns to rows in SQL database?