Can the session be configured so the page (client) cannot set a value in it, so hackers will not be able to hijack and manipulate it?
I want to use the session values in the backend for saving user information which impacts user permissions to collections, so letting the page make changes to it may result in the client modifying the permissions.
Alternatively, is there a way to use a cache in the backend, except for installing a dedicated NPM package for caching…
As each time a query is made to any collection I need to check the user permission, this means that on each query in the application I need to do an additional query, which is redundant as the user permission does not change and it is enough to store it in memory (cache) and use it when required. This is a well-known paradigm in web application architecture. I think there’s a cache mechanism for collections but I'm not sure about it…
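
The backend caching pattern described in the question, sketched as an added example that is not part of the original post and not the platform's own API: permissions live only in server memory, keyed by a user id that the backend takes from its own authenticated context, so nothing the page can write affects them. `PermissionCache` and `loadPermissions` are hypothetical names, and the loader stands in for the real collection query.

```javascript
// Added example: backend-only permission cache with expiry (hypothetical names).
// userId must come from the server's authenticated context, never from a
// value the page sends or from client-writable session storage.
class PermissionCache {
  constructor(loadPermissions, ttlMs = 5 * 60 * 1000, now = () => Date.now()) {
    this.loadPermissions = loadPermissions; // async (userId) => array of permission strings
    this.ttlMs = ttlMs;                     // bound on how long a stale grant can survive
    this.now = now;                         // injectable clock
    this.entries = new Map();               // userId -> { perms: Set, expires: number }
    this.inflight = new Map();              // userId -> Promise shared by concurrent misses
  }

  async get(userId) {
    const hit = this.entries.get(userId);
    if (hit && hit.expires > this.now()) return hit.perms;
    if (this.inflight.has(userId)) return this.inflight.get(userId);

    const pending = Promise.resolve()
      .then(() => this.loadPermissions(userId))
      .then((list) => {
        const perms = new Set(list);
        this.entries.set(userId, { perms, expires: this.now() + this.ttlMs });
        return perms;
      })
      // A failed load caches nothing, so the rejection reaches the caller,
      // who should treat it as "deny".
      .finally(() => this.inflight.delete(userId));
    this.inflight.set(userId, pending);
    return pending;
  }

  // Check one permission before running the real collection query.
  async can(userId, permission) {
    return (await this.get(userId)).has(permission);
  }

  // Call whenever a user's permissions are changed so revocation is immediate.
  invalidate(userId) {
    this.entries.delete(userId);
  }
}
```

On hosts that run backend code in short-lived or multiple instances, each instance holds its own copy, so the expiry time is what limits how long a revoked permission can linger.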