User identification
Daeamon, 2019-11-06 16:09:09

How to protect authorization in React against a bogus token added by hand?

Hello, in React I use JWT for user authorization, and on the client I check for the token field in sessionStorage.
But it turns out that if the user enters a bogus token by hand, he will be able to navigate through the protected pages (of course, he will not receive data).
Is there any method to protect the application from such actions? Checking on a timer is a so-so solution, and it is possible that it can be bypassed.


2 answer(s)
Mikhail Osher, 2019-11-06
@miraage

Showing or hiding pages based simply on a token being present in sessionStorage is a bad idea.
The token must be validated by the server, and the UI should act on the result of that check.

Vasily Mazhekin, 2019-11-06
@mazhekin

If the token is bogus, then when navigating through the protected pages you still request some data. The token is sent to the server in the header of each such request (the data of protected pages must be protected on the server), and if the token is bogus the server returns a 401 error; when you receive it, redirect to the login page or to a 401 error page and delete the token.
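
The flow described in the two answers above, as an added example that is not part of the original thread: every request carries the stored token, and a 401 from the server deletes the token and redirects to login. `TOKEN_KEY`, the `/login` path, `memoryStorage` and `fakeServer` are assumptions made for illustration; a real server would verify the JWT signature and expiry rather than compare strings.

```javascript
// Added example. TOKEN_KEY and "/login" are assumed names, not from the thread.
const TOKEN_KEY = "token";

// The stored token is only a claim; attach it and let the server verify it.
function authHeaders(storage) {
  const token = storage.getItem(TOKEN_KEY);
  return token ? { Authorization: `Bearer ${token}` } : {};
}

// Act on the server's verdict: 401 means the token was rejected.
function handleStatus(status, storage, redirect) {
  if (status !== 401) return true;
  storage.removeItem(TOKEN_KEY); // drop the rejected token
  redirect("/login");
  return false;
}

// Wrapper used for every request to protected data.
function createApi({ fetchImpl, storage, redirect }) {
  return async function api(url, options = {}) {
    const headers = { ...options.headers, ...authHeaders(storage) };
    const res = await fetchImpl(url, { ...options, headers });
    if (!handleStatus(res.status, storage, redirect)) {
      throw new Error("unauthorized");
    }
    return res;
  };
}

// Constructed stand-ins so the example runs offline (no browser, no network).
function memoryStorage(initial = {}) {
  const m = new Map(Object.entries(initial));
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    removeItem: (k) => void m.delete(k),
  };
}

// Fake server: accepts exactly one token value, answers 401 to anything else.
function fakeServer(validToken) {
  return async (_url, { headers }) => ({
    status: headers.Authorization === `Bearer ${validToken}` ? 200 : 401,
  });
}

// In the browser: createApi({ fetchImpl: fetch.bind(window),
//   storage: sessionStorage, redirect: (p) => window.location.assign(p) })
```

A React route guard can still read sessionStorage to decide what to render first, but only the outcome of a call made through this wrapper settles whether the session is valid.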
