Question about the security of information stored in session #10848
Unanswered
arian-fallahpour
asked this question in
Help
Replies: 0 comments
I'm curious to know what stops a malicious user from changing the session objects (found on `api/auth/session`). For example, say I store a user's role in the session object, and I have routes that are specifically meant for users with the admin role. What stops a hacker from changing the user's role to admin in the session object and thus gaining access to a role? I know a bit of how web authentication works, namely JWT, so I'm curious to know if there are similarities or not.