Can I determine login status from JavaScript?
I need a way for JavaScript (without an AJAX call) to know if the user is logged in or not. I suspect the best way to do this is to check a cookie. The ZenID is always set, regardless or whether a user is logged in or not. So far as I can tell, there is no additional cookie set on login. Can anyone confirm if there is an existing way to check login status?
If not, what is the most expedient way to have a IsLoggedIn cookie get set and unset at login/log out? ie. the best file and function to place the setcookie() calls?
Thanks!
Re: Need to determine login status from JavaScript?
In the session, what do I check for to see if logged in? When logged in I get the customers name ID, etc. Is it reliable to see if $_SESSION['customer_id'] is set as a means of determining log in status? It seems like the session should have an IsLoggedIn boolean or something?
Re: Can I determine login status from JavaScript?
Quote:
Originally Posted by
lightnb
I need a way for JavaScript (without an AJAX call) to know if the user is logged in or not. I suspect the best way to do this is to check a cookie.
Seems reasonable.
Quote:
Originally Posted by
lightnb
The ZenID is always set, regardless or whether a user is logged in or not. So far as I can tell, there is no additional cookie set on login. Can anyone confirm if there is an existing way to check login status?
I could be mistaken, but the ZenID and cookies are mutually exclusive.... or putting it another way, they are two different methods of storing the same data (or a reference to the same data).
Quote:
Originally Posted by
lightnb
If not, what is the most expedient way to have a IsLoggedIn cookie get set and unset at login/log out? ie. the best file and function to place the setcookie() calls?
I'm not going to even attempt to answer this on account of the fact that there is no 'best' for all situations.
What I can/will tell you though, is that to do whatever it is you are trying to do, is probably going to have some security implications to consider, and that you should never allow access to restricted parts of a website based on client side settings (JavaScript), because unless such restrictions are also backed up by serverside restrictions it would be trivial for a hacker to abuse such scripts to gain access to your server from a 3rd party computer.
Cheers
Rod
Re: Can I determine login status from JavaScript?
When there is a $_SESSION['customer_id'] greater than 0, the customer is logged in ...