So, I am creating this website that sets the sessionstorage variable 'logedIn' to true when the user succesfully logs in like this:
sessionStorage.setItem('logedIn', 'true')
That variable is used on the other webpages to see if the user is logged in before showing content, so that users who aren't logged in can't have access to the webpage. It works like a charm, but I have noticed, that if I manually type the code in the google chrome console, I can easily change the sessionvariable. This is obviously not wanted.
My question is: how can I resolve this problem?
PS: the reason why I don't use PHP session variables is because the login procedure is done with javascript. When the login button is pressed, ajax sends the given credentials to a php script, which checks the database. If it is successfull, it sends back a code to the ajax complete function, which sets the variable. If you have a better method of doing what I need to do, you are very welcome ;)
Thanks, Zeno
You can't and it's not safe. After AJAX result you should set cookies and validate them on every page on the server side.