Hello!
I'm creating an app based on
Ionic framework with a PHP Backend. I'm using the Rest Server library for CI.
Now, I've a "logic" problem about the login. I've two input, I send a
POST request through
AngularJS to my API, here I check all data, I filter the input, check if user exists, if the password is correct and so on. If all is ok, I send to the app a
json_encode array with the session that I stored.
This is the
code:
PHP Code:
$new_data = array('mail' => $utente->email, 'uid' => $utente->id, 'logged_in' => 'yes');
$this->session->set_userdata($new_data);
$final = array(
'status' => 'success',
'session' => $this->session->userdata()
);
Then, I set a
localStorage with the session stored in that. Why that? Because I want that if the user close the app, without clicking on "logout", whene he opens the app is logged in. Now my question is: is secure to store the session in the localStorage?
This is my localStorage after the login:
![[Image: 454fb2bd200ad0f5308ded8e633c9e73.png]](https://i.gyazo.com/454fb2bd200ad0f5308ded8e633c9e73.png)
I can edit the "uid" value, uid obviously is the user_id. So I think it isn't a secure method to store user session. How can I do that?
Thank you!
