Block access using login with ajax on the client and php on the server

0

I'm doing an app in JavaScript and I need to block access to unlogged users; in PHP it's easy using $_SESSION, but with JS I cannot find a way.

Thanks for the help

asked by Jean Rodríguez 27.12.2016 at 13:54

1 answer

2

What you want is to control ACL to a resource exposed by a backend (PHP in your case). Your frontend is in JavaScript, so I assume that you are trying to access a web or REST service through an Ajax call. This problem is not about the platform or language you use but about the communication protocol: HTTP is a stateless protocol, and the PHP session object can use cookies in the browser or a flat file on the server to persist the state of the application while you browse the different pages. I need more details: which framework you use, which library you use on the client, and whether the request you make from the client goes to the same URL or is a cross-domain request. Without that I cannot give you a more concrete answer, but I'll leave some recommendations.

  • Verify that the address in the browser's URL bar is the same as that of the endpoint to which you are making the Ajax call. The reason is that the browser does not allow sending the cookie to a server if the address of the endpoint does not match the browser's (this is a cross-domain request). If this is the case, then place a proxy service in the original domain, which in turn will make the call to the destination server, extracting the cookie and sending it in the request.

  • If your scenario is more complex and you need several clients to access your server and want more complete ACL control, then consider using one of the following security schemes:

    • Tokens
    • OAuth 2
    • Custom HTTP Headers

  • On security, there is a confusion in the previous answers they gave you: ACL control and the security schemes mentioned above are the implementation of security in the application layer (Node, PHP, Java, any platform), while to protect the information from attacks like man-in-the-middle (an intermediary stealing your session) you must secure the means of transport, in this case by securing the HTTP protocol using SSL, HTTP over SSL, more commonly known as HTTPS.

In conclusion, choose an authentication scheme; the token one is the simplest and you will find libraries that do the work for you on any platform, but do not forget to encrypt the communication using HTTPS.

I hope I have been of help.

    answered by 27.12.2016 at 20:42
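The session-cookie approach the answer describes, as an added example that is not part of the answer above: the check lives entirely in PHP, the JavaScript client only reacts to the 401. The file name `api.php`, the `action` parameter and the single hard-coded user are assumptions made for the example.

```php
<?php
// Added example: server-side gating of an Ajax endpoint with the PHP session.
// Hypothetical api.php: POST ?action=login, then GET ?action=profile, same origin.
declare(strict_types=1);
session_set_cookie_params([
    'secure'   => true,   // cookie only travels over HTTPS
    'httponly' => true,   // cookie not readable by JavaScript
    'samesite' => 'Lax',  // cookie not attached to cross-site requests
]);
session_start();
header('Content-Type: application/json');

// Constructed single-user table standing in for a database lookup.
function check_credentials(string $user, string $pass): ?int
{
    $users = ['alice' => ['id' => 1, 'hash' => password_hash('s3cret', PASSWORD_DEFAULT)]];
    $row = $users[$user] ?? null;
    return ($row !== null && password_verify($pass, $row['hash'])) ? $row['id'] : null;
}

// Protected actions call this first; unauthenticated callers get a 401 JSON
// response rather than a redirect, which the Ajax client can act on.
function require_login(): void
{
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        echo json_encode(['error' => 'authentication required']);
        exit;
    }
}

$action = $_GET['action'] ?? '';
if ($action === 'login' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $body   = (array) json_decode(file_get_contents('php://input'), true);
    $userId = check_credentials((string) ($body['user'] ?? ''), (string) ($body['pass'] ?? ''));
    if ($userId === null) {
        http_response_code(401);
        echo json_encode(['error' => 'bad credentials']);
        exit;
    }
    session_regenerate_id(true);   // fresh id after login (anti session fixation)
    $_SESSION['user_id'] = $userId;
    echo json_encode(['ok' => true]);
    exit;
}
if ($action === 'profile') {
    require_login();
    echo json_encode(['user_id' => $_SESSION['user_id']]);
    exit;
}
```

A same-origin `fetch('api.php?action=profile')` sends the session cookie automatically, so the client only needs to treat a 401 status as "show the login form"; the redirect-to-login pattern used for full page loads does not fit Ajax calls.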