Using the session module, I was able to prevent unauthenticated users from seeing the website. However, in order to know which user is signed in, I passed the username, which is unique, in the URL. That way I know what to get from MongoDB (database).
However, there is a problem with that. Logged-in users are able to see other people's pages if they type it in the URL. E.g., http://localhost:8080/home/other_username will open the page for them. I don't want that to open.
Thus, I want another way to know which user is logged in without passing it in the URL. If there is no way to do that, how can I solve the previous issue? What should I use?
Thank you.
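The problem described above, shown as an added example that is not part of the original post: a route that trusts the username in the URL next to one that takes the identity from the server-side session. It assumes a Node.js server; the function names, the `sid` cookie name and the in-memory maps standing in for the session store and MongoDB are all hypothetical.

```javascript
// Added example: framework-free model of the route logic (all names hypothetical).
const { randomBytes } = require('node:crypto');

const sessions = new Map();            // session id -> { username }, kept server-side
const profiles = new Map([             // constructed stand-in for the MongoDB collection
  ['alice', { username: 'alice', notes: 'alice private notes' }],
  ['bob', { username: 'bob', notes: 'bob private notes' }],
]);

// Call after the password check succeeds; the browser only receives the opaque id.
function login(username) {
  const sid = randomBytes(32).toString('hex');
  sessions.set(sid, { username });
  return sid;
}

// Resolve the signed-in user from the Cookie header, never from the URL.
function currentUser(cookieHeader = '') {
  const match = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader);
  const session = match && sessions.get(match[1]);
  return session ? session.username : null;
}

// BEFORE: any signed-in user can read any profile by editing the URL.
function homeVulnerable(cookieHeader, path) {
  if (!currentUser(cookieHeader)) return { status: 401 };
  const requested = path.split('/')[2];
  const profile = profiles.get(requested);
  return profile ? { status: 200, body: profile } : { status: 404 };
}

// AFTER: identity comes from the session; a username in the URL must match it.
function homeFixed(cookieHeader, path) {
  const user = currentUser(cookieHeader);
  if (!user) return { status: 401 };
  const requested = path.split('/')[2];
  if (requested !== undefined && requested !== user) return { status: 403 };
  return { status: 200, body: profiles.get(user) };
}
```

With this shape the page can live at `/home` with no username in the path at all; the 403 branch only matters if the `/home/<username>` form is kept.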