About API security

Hello,

I have a project that works only with the API. Now I’m doing user login operations. With the API, user login works perfectly, but how do I get the page security in the best way after login? I can’t use the Wappler security extension because I don’t have a database connection.

I want to use a server-side session ID, but I cannot forward it to the views inside the SPA. Only client-side sessions are running. For the best security, could you direct me or share your suggestions?

Maybe go back to the old Dreamweaver site security method: on login, set a session variable and then test for the presence of that session variable with a bit of PHP in the header.

How can I use server-side sessions in SPA views? What is your suggestion?

No SPA expert to be honest, never use them, but can you not:

In a login-type server action, define a session variable such as $_SESSION['isloggedin'] = True (or whatever you want)

You will have to initialise the session within the master page.

<?php
	session_start();
	
	if(!isset($_SESSION['isloggedin'])) {
			$_SESSION['isloggedin'] = False;
	}
?>

Then test for its presence in the appropriate page with something like:


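<?php
// Runs after session_start() on the master page.
if ($_SESSION['isloggedin'] == False) {
	header("Location: mynotloggedinpage.php");
	exit; // stop here so the protected page is not sent after the redirect header
}
?>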

This project is running on ASP.NET.

Sorry, don’t do ASP.NET, but I am sure there is an equivalent way of managing a session variable.

Something like:

if (Session["LoggedIn"] != False) ?

and
Response.Redirect()
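
The session-variable check discussed in this thread, written for classic ASP.NET (System.Web) as an added example; it is not code from any poster or from Wappler. The class names, the "LoggedIn" key and the ~/login.aspx URL are assumptions, and it assumes the protected views are .aspx pages that can inherit from a common base class.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical helper: the server-side login action calls SignIn() only after
// the API has accepted the credentials. The flag lives in server memory;
// the browser only ever holds the session cookie.
public static class LoginSession
{
    public const string FlagKey = "LoggedIn";      // assumed session key
    public const string LoginUrl = "~/login.aspx"; // assumed login page

    public static void SignIn(HttpContext ctx)
    {
        ctx.Session[FlagKey] = true;
    }

    public static void SignOut(HttpContext ctx)
    {
        ctx.Session.Clear();   // drop the flag and any other per-user data
        ctx.Session.Abandon(); // discard the server-side session itself
    }

    // Anything other than a boolean true (missing key, expired session,
    // wrong type) counts as "not logged in".
    public static bool IsLoggedIn(HttpContext ctx)
    {
        object flag = ctx.Session == null ? null : ctx.Session[FlagKey];
        return flag is bool && (bool)flag;
    }
}

// Hypothetical base class: every protected view inherits from it, so the
// check runs on the server before any page content is produced.
public class ProtectedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        if (!LoginSession.IsLoggedIn(Context))
        {
            // Keep the browser from caching or replaying a protected view.
            Response.Cache.SetCacheability(HttpCacheability.NoCache);
            Response.Cache.SetNoStore();
            // endResponse: true ends the request here, so nothing from the
            // protected page is rendered after the redirect.
            Response.Redirect(LoginSession.LoginUrl, true);
        }
        base.OnInit(e);
    }
}
```

The same IsLoggedIn check has to guard every server endpoint that returns data to the SPA, because hiding a view on the client does not stop a direct request to the server.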