Hi,
The application I am working on, requires users to have specific access rights or / and belong to certain custom roles within the application.
These access rights are stored in a database.
My question is what is the best way to store that retrieved access rights securely so that a user cannot change the settings in their browser (inspect) and gain access to sections they should not have access to?
Also, I do not want to have the application query the database every time to get the access.
Is it best to store this information in secure cookies or local storage or is there a better way?
Thank you in advance!
Kind Regards
2 posts - 2 participants