Hello ,
I have a project that works only with the API. Now I’m doing user login operations. With API, user login works perfectly. but how do I get the page security in the best way after login? I can’t use Wappler security extension because I don’t have a database connection.
I want to use server-side sessionID, but I cannot forward it to the views inside the SPA. only client-side sessions are running. For the best security, do you direct me or share your suggestions.
Maybe go back to the old dreamweaver site security method, on login set a session variable and then test for the presence of that session variable with a bit of php in the header.
How can I use server side SESSIONS in SPA views . what is your suggestion ?
NO SPA expert to be honest, never use them but can you not:
In a login type server action define a session variable such as $_SESSION[isloggedin’] == True (or whatever you want)
You will have to initialise the session within the master page.
<?php
session_start();
if(!isset($_SESSION['isloggedin'])) {
$_SESSION['isloggedin'] = False;
}
?>
The test for it’s presence in the appriopriate page with something like:
if ($_SESSION_['isloggedin] == False) {
header("Location: mynotloggedinpage.php");
}
?>
this project working on ASP.NET
Sorry, don’t do ASP.net but i am sure there is an equivalent way of managing a session variable.
Something like:
if (Session[“LoggedIn”]) !=False) ?
and
Response.Redirect()