Why is my page accessible in the browser after my javascript page states true for specific id's only?



I coded an html login form file with a js file to correlate. The action only allows the validated information to access my library page as directed; however, when I type the address to the library page in my browser it goes to the page without blocking it. What should I do?

@MM6th You simply can’t secure a page in the fashion that you’ve tried.

The destination page has no awareness that it is supposed to be “secure”, (which is why it can be accessed directly), nor is there any long-lived outcome from the login script itself.

The boolean true/false response from the validate function in login.js is only impacting submission:

  • true → submits the form, causing it to navigate to the url specified in the action
  • false → prevents form submission

In all cases the target destination of the form is immediately visible as the action of the form.

If you were trying for a very insecure solution along the lines of what you’ve done, then you would need to:

  • Set something to the browser state like a cookie or sessionStorage as a result of performing the login
  • Check for the existence of the item as “proof of login” on the load of the destination page
    • If it’s not found or invalid cause a client side redirect to elsewhere

However it would also be exceedingly simple to bypass, as the full contents of the second file will be sent to the users browser prior to the redirect occurring, you’ve currently got the username/password combinations as plain text in the login.js, and it’d be entirely possible to read the code and simply set the appropriate cookie/sessionStorage value.

Ideally you want to either prevent the user from ever being able to access the route at all, or ensure that if they do access the route that it authenticates first prior to sending/rendering any content.

If you’re trying to make something that’s actually secure you should look at using an authentication provider that solves for this problem, examples are:

Thank you for the clarity and advice. I will take it, and use it.