How to store email id

I am making a static website and I’m also using an unsupported database (Cosmos DB) to store my user accounts, so I believe I cannot use the built-in login system.

In order to display the user's email id after login, something like “Logged in as abc@gmail.com” or “Hi abc@gmail.com”, I want to store the email id of the user in a variable after the user is logged in.

I have been reading about how email ids are considered as personal data (under GDPR) and should be encrypted / hashed.

So where should I store the email id to display it after login? Is it OK to store them in a global variable? What is a good and compliant practice?

What scripting language are you using? I would store it in a session variable.

If you’re using Wappler then I would recommend you go with a supported database and scripting language to really utilise all the features Wappler offers.

You got GDPR wrong 🙂

E-mail addresses are personal data indeed, but you have a legitimate use case for usage in an account system. If there's anything that needs to be hashed, it's the password.

2 Likes

For my backend I am using C#.
For frontend I am using Wappler. As far as I know I cannot use Session Variables as they are a part of Server Connect, and Server Connect cannot be used with Static Websites.

Can I use App Connect Variables to store the email id?

I can’t change my database, it’s very fast and cheap…

Hmm, I don't think I can be of much help. I have no experience of C# and I don't think I've heard of that being used in web development.

That is correct. You'd need to use one of the supported server models - nodeJS, PHP or ASP.

You can use browser sessions, local storage or cookies to store such info.

I’m glad to know that. I just started reading about GDPR and some comments on other websites said that encryption is necessary, some say it is not as long as the database is secure. It also apparently depends on the use case, for example for a medical related site it is essential to protect the email id?

Also for keeping a user logged in I could use a session ID, but it requires an additional lookup in the database. Storing the email id in a cookie is also not recommended from what I have read, but some say storing an encrypted email id in a cookie may be OK?

I think I wasn’t clear, I only want to know where I should store the email id in the front end (made with Wappler). Don’t need C#…

Yes, for the healthcare industry you may have to follow additional privacy laws

You can store the e-mail address in a cookie, for showing purposes only. For authorizing/guarding actions (e.g.: viewing or deleting existing users) you'll want a session ID

I’m a newbie so I have been reading and this is what I have discovered so far.

Step 1: For keeping the user logged in (if they opt in)

Option 1: Store only the session id in a cookie. Use it to find the user that it belongs to in the database and log in that user. This seems to be the recommended approach from what I have read.

Option 2: Store the session id in a cookie, as well as the encrypted email id in a cookie. The email id will help with faster/easier lookup in the database. Encryption is recommended if storing the email id in a cookie. Also, I was looking at cookies of sites I use and I couldn’t find an email id stored in plain text in a cookie, and encryption seems easy enough so it won’t hurt.

Step 2: After the user is logged in (this is what I want to know)
I will retrieve the email id, subscription details, saved games etc. in a JSON file as an API Response to display in different areas of my Wappler site.

I believe this JSON file is only held in memory and not actually stored in cache/browser/device? And I believe it is the same for App Connect variables? They are not cached / saved anywhere on the device? Is this correct? Because if they are stored anywhere then it will be pointless to encrypt the email in Option B of Step 1…

Agree

Storing encrypted e-mail in cookie is pointless, as cookies are private to each website, so your website can only read your cookies

In theory the JSON file is only held in memory. In practice the browser might cache the request if it recognizes it's the same API request. I don't know if this is the case, only testing by looking at the network tab of your browser's Developer Tools and seeing if the API response comes with a "304 Not Modified" HTTP code.

If the API request is not cached by the browser, yes, I believe you'd have to implement the caching logic yourself... which is storing the JSON response in a cookie or localStorage and reading from it instead of performing another API request

1 Like
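
Added example, not part of the thread: the network-tab check suggested in the post above, written as a small JavaScript audit of an API response's status and caching headers (rules from RFC 9111). The function names and the verdict strings are assumptions made for this illustration, and the header sets you pass in would come from your own API's responses.

```javascript
// Added example. Header sets passed to these functions are constructed samples.

// Parse a Cache-Control header value into a Map of directive -> argument.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of String(value || "").split(",")) {
    const [name, ...rest] = part.trim().split("=");
    if (name) directives.set(name.toLowerCase(), rest.join("=").replace(/"/g, ""));
  }
  return directives;
}

// Classify what the browser's HTTP cache may do with one API response.
function classifyResponse(status, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v; // names are case-insensitive
  const cc = parseCacheControl(h["cache-control"]);

  // A 304 answers a conditional request, which a browser normally sends
  // only when it already holds a stored copy of the body.
  if (status === 304) return "copy-already-stored";
  if (cc.has("no-store")) return "not-stored";
  // no-cache permits storing but forces revalidation, the source of 304s.
  if (cc.has("no-cache")) return "stored-revalidated-each-use";
  return "may-be-stored";
}

// Findings for an endpoint that returns personal data (e-mail, subscription).
function auditPersonalDataResponse(status, headers) {
  const verdict = classifyResponse(status, headers);
  const findings = [];
  if (verdict !== "not-stored") {
    findings.push(`response body can persist in the browser cache (${verdict})`);
    const names = Object.keys(headers).map((k) => k.toLowerCase());
    if (names.includes("etag") || names.includes("last-modified")) {
      findings.push("validator present: repeat requests can show 304 Not Modified");
    }
  }
  return { verdict, findings };
}
```

A response sent with `Cache-Control: no-store` is the only case here that returns no findings; every other verdict means a copy of the JSON may remain on the device after the tab is closed.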

I found two opposing views regarding storing email ids in cookies, which is what led me to make this post wanting to know opinions of people in this community. Thanks for the insights.
Here they are:

https://security.stackexchange.com/questions/95681/storing-personal-information-in-cookies#:~:text=I%20definitely%20advise%20you%20not,threats%20such%20as%20cookie%20poisoning.

I don’t want to store the JSON response anywhere, I’d rather it be deleted when the tab is closed… I just wanted to know how App Connect Variables and API Response work in Wappler. If they are saving to a cookie or local storage or cache then I will be more careful when I use them with data like email id.