M
M
Maxim js2020-04-25 07:42:24
PHP
Maxim js, 2020-04-25 07:42:24

How to make it so that after logina stay logged in on any tabs?

The guys have a login and registration form, after logging in, they go to another page of the application site.
On the current tab from which the user was logged in, the user remains logged in, but if you enter the site from another tab, it again throws you on the login page, although cookies must be saved that the user is logged in ...
Tell me where is the error?

this is what happens after login

ajax("core/login.php", "POST", signin, data);
  function signin(result) {
    if (result == 2) {
      alert('Заполните все поля')
    }
    else if (result == 0) {
      alert('Неправильный логин или пароль!')
    }
    else {
      console.log(result);
      result = JSON.parse(result);
      let d = new Date();
      d.setTime(d.getTime() + (24*60*60*1000));
      let expires = d.toUTCString();
      document.cookie = `email=${result.email}; expires=${expires}; path=/`;
      location.href="app.html";
    }
  }


here is the way out

document.querySelector("#exit").onclick = function(){
  let c = document.cookie;
  console.log(c);
  let d = new Date();
  d.setTime(d.getTime() - (24*60*60*1000));
  let expires = d.toUTCString();
  document.cookie = `${c}; expires=${expires}; path=/`;
  location.href="index.html";
}


here is the site bespoleznyi.site

Ideally, even after logging in, display the name specified during registration)
Please tell me)

Answer the question

In order to leave comments, you need to log in

2 answer(s)
A
AUser0, 2020-04-25
@AUser0

First, storing email in cookies to confirm user authorization is stupid. Usually some unique MD5 is stored there, which is also stored in the database of logged in users. And so you can take a well-known email of a well-known user, put it in a cookie - and voila, I am authorized under this user.
Secondly, cookies can be set from the server itself during an AJAX request, and this will be more correct. You cannot delegate such functionality to JS, which is visible and executed on the user's side.
PS In the field of security, ignoring established standards and inventing your own intricately twisted "bicycles" can bring you down to earth very painfully.

A
Alexander, 2020-04-25
@Seasle

Read until blue in the face

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question