Authentication
Right now, we are letting anyone add, read, update, and delete any record. It is because there is no authenticated user. Once there is an authenticated user, we can place different constraints such as that a user shouldn't be able to delete or update the content of a different user and so on.
So why didn't we simply put in place session based authentication having a Session ID in an HTTP Only cookie? This is done in traditional websites. We start the session, put the user data in session variables and the session ID is stored in an HTTPOnly cookie. The server always reads that HTTP Only cookie and gets a session ID to know which session data belongs to this user. This is what happens in a typical website developed in PHP. So ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access