1

I have several web pages that should work only if certain condition is true. For example, there is a registration page, a login page. If someone is already logged in, I don't want the user to login again or register again until he is logged out. Currently the server saves the login in a SESSION variable and each web page has to called the server to get the SESSION variable and determine whether to display the page or not. This does not seem like a good solution. I am thinking may be saving in on the client side, but I don't know a good approach. Should I use cookie for this ? Is there some other services on the client side to store session data ?

ShaneQful
  • 2,140
  • 1
  • 16
  • 22
tadpole
  • 1,209
  • 7
  • 19
  • 28
  • You're looking for localStorage. – SLaks Sep 21 '14 at 12:33
  • When a session is negociated between the browser and the application server, a token already get's stored in the cookies and will be automatically transmitted to the server upon every request. I do not see any issue with saving the session state on the server in the `session` object dedicated to that? – plalx Sep 21 '14 at 12:36

1 Answers1

0

Cookies are the best option for session details involving login, any other persistent storage should use localStorage.

This is because cookies will be transferred to the server on each request and therefore can be used to authenticate each call.

If your confused about this sort of stuff it can be very dangerous for your site. Try read up on it and try to use whatever the standard is for your language/framework/library.

ShaneQful
  • 2,140
  • 1
  • 16
  • 22
  • It's also possible to store client-side state [in fragment identifier](https://stackoverflow.com/a/16907861/975097), so that the state is included in the URL. – Anderson Green Oct 17 '20 at 02:20