Display different data based on login status - client side

I'm just wondering what is the best way to do this, and if it can be worked around. These are my thoughts.

I have a bunch of links that, when clicked, open a detail panel that displays additional information. This is done via AJAX. The thing is ... if the user is not logged in, they should go to the login page and the panel should not be displayed.

So if I were to return the login status of a user from the server and then display the pane or not display the pane ... would that be safe enough? Could this be bypassed in some way?

Are there any better ways to do this?

Thanks in advance.

0




2 answers


It's easy to get around. A user can create their own AJAX call (they don't even need to do AJAX, they can just create a simple old HTTP request), with the login checkbox checked, and get data they shouldn't be using. You are probably better off using information from the session to determine if a user is logged in, without relying on the information sent in the AJAX request.



+3




Instead of sending the login status, why not send back the data for the logged in user only if the user is logged in? This way you do all the logic to determine what to display on the server. The AJAX call gets the data and displays it independently.



If you have it display or not display the data, it means you are sending data to the client anyway ... and it is not secure.

0
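Both answers come down to the same server-side check, sketched here as an added example that is not part of either answer: the handler looks up the session from the cookie, never reads a login flag supplied by the client, and sends no detail data with a 401. The `SESSIONS` and `DETAILS` stores, the `sid` cookie name, the `loggedIn` parameter and the `/login` path are assumptions made for illustration.

```javascript
// Added example. All names and sample values below are constructed.
// Server-side session store: session id -> user (normally owned by session middleware).
const SESSIONS = new Map([["c0nstructed-sample-session-id", { user: "alice" }]]);
// Data behind the detail panel.
const DETAILS = new Map([["42", { id: "42", notes: "members-only detail text" }]]);

// Parse a Cookie header into a prototype-less object.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    out[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return out;
}

// req: { headers: { cookie }, query: { id, loggedIn } } -> { status, body }
function handleDetailRequest(req) {
  const sid = parseCookies(req.headers.cookie).sid;
  const session = sid ? SESSIONS.get(sid) : undefined;
  // req.query.loggedIn is deliberately never read: the client cannot
  // assert its own login state, only the server-side session can.
  if (!session) {
    // No data in the body, only where to log in.
    return { status: 401, body: { error: "login_required", login: "/login" } };
  }
  const item = DETAILS.get(String(req.query.id));
  if (!item) return { status: 404, body: { error: "not_found" } };
  return { status: 200, body: item };
}

// What the AJAX callback does with each response (UI decision only).
function clientAction(res) {
  if (res.status === 401) return "redirect:" + res.body.login;
  if (res.status === 200) return "show-panel";
  return "show-error";
}
```

The client-side branch only decides what to render; skipping or altering it yields nothing, because the 401 response never contained the panel data.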








