Hello everyone, I am currently working on a mobile web, single page. Please ask me a question.
The first request returns all html, css, js. #modifyPW is the route to modify the password.
If the user is not logged in, the user can see the password modification interface by modifying the url if using the browser on the mobile side. How can this be prohibited?
Is the current thinking judged by js? Don’t know this kind of thinking right?
How did you all solve it?
The browser’s local js can do some basic permission verification, but since the local code can be changed by the user, it is suggested that permission verification is also required on the server side.
You can consider such a design. js is used to verify the page (password modification page) that needs permission verification once, which can ensure efficiency. At the same time, after the page (password modification page) is opened, ajax is used to perform secondary verification at the server. If the verification fails, it is processed in the callback function, which can ensure safety.