We are using Vue.js for the front end and .NET Web API for the back end. The .NET APIs are also serving Android and iOS devices. On login we get all user data, including a list of URLs based on access rights, in the response of the login API. How should I store this data in the browser? What is the best way to set and get this role rights data on the JavaScript side? A cookie? A cookie can be edited. The user can edit the cookie and get access to the page.

1 Answers

0
Quentin On

> On login we get all user data, including a list of URLs based on access rights, in the response of the login API. How should I store this data in the browser?

It depends on when you need it.

Just for the current instance of the application? Stick it in a variable / the application state.

Local storage is for persisting the data.

> What is the best way to set and get this role rights data on the JavaScript side? A cookie?

Cookies are for persistently sending data to and from the server. You might use one to store an authentication token, but it is a silly place to keep a list of URLs.

> The user can edit the cookie and get access to the page.

Your access control should be based on a secret (JWTs are popular for this at the moment).

When the browser requests some data from the server you should use that secret to see if the user is allowed to access what it is asking for. You shouldn't assume that they have permission just because they know that a particular URL exists or that the browser sends "I'm allowed to access /secret/password, honest" in the request.
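
The server-side check described in the answer above, as an added example that is not part of the original post: a Node.js sketch standing in for the .NET back end, in which the login API signs the user's role into an HS256 token and every request is authorized from the verified token and a server-held route table, never from a URL list kept in the browser. The secret, route table, role names and function names are all constructed for illustration; a real service would use its platform's maintained JWT library.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: known only to the server

const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const hmac = (input) => crypto.createHmac('sha256', SECRET).update(input).digest();

// Issued by the login API once the credentials have been checked.
function issueToken(claims) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${b64url(hmac(`${header}.${payload}`))}`;
}

// Returns the claims only if the signature is valid and the token is unexpired.
function verifyToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(signature, 'base64'); // Node also accepts the URL-safe alphabet
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(header, 'base64')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64'));
    return typeof claims.exp === 'number' && claims.exp > nowSeconds ? claims : null;
  } catch (err) {
    return null; // malformed JSON is treated like a bad signature
  }
}

// Constructed route table held on the server; the client's copy is only a menu hint.
const ROUTE_ROLES = { '/api/reports': ['user', 'admin'], '/api/users': ['admin'] };

// Returns the HTTP status the API would send for this request.
function authorize(path, token) {
  const claims = verifyToken(token);
  if (!claims) return 401;                 // missing, forged or expired token
  const allowed = ROUTE_ROLES[path] || []; // unknown routes are denied by default
  return allowed.includes(claims.role) ? 200 : 403;
}

// Constructed demo: a 'user' token can read reports but not the admin route.
const demoToken = issueToken({ sub: 'u1', role: 'user', exp: Math.floor(Date.now() / 1000) + 3600 });
console.log(authorize('/api/reports', demoToken), authorize('/api/users', demoToken));
```

Whatever the Vue.js side keeps in application state or local storage only decides which links to show; a user who edits it still receives 401 or 403 from the API.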