How secure is getting the session ONLY from the server #12154
Unanswered
laurenswuyts asked this question in Help
Hi,
I'm always fetching the session from the server and passing it on to the client. Now I also have the useSession in the client and refetchOnWindowsFocus is true. Now sometimes, the call fails and because of that the session is null/undefined and some of my components that require authentication are looking like the user is unauthenticated while the user is authenticated.
If I disable refetchOnWindowsFocus, is my app still secure? By that I mean is it possible to inject some kind of fake session with a fake role and be able to see some stuff they aren't allowed to see? Or am I just being paranoid?
Most API calls, at least the POST/DELETE ones, require authentication. So I always check the user. I'm just worried about the client side.