Why is my page accessible in the browser after my JavaScript page states true for specific IDs only?

www.pieconfidential.com

celebrated-daffodil-98560f

I coded an html login form file with a js file to correlate. The action only allows the validated information to access my library page as directed; however, when I type the address to the library page in my browser it goes to the page without blocking it. What should I do?

@MM6th You simply can’t secure a page in the fashion that you’ve tried.

The destination page has no awareness that it is supposed to be “secure” (which is why it can be accessed directly), nor is there any long-lived outcome from the login script itself.

The boolean true/false response from the validate function in login.js is only impacting submission:

  • true → submits the form, causing it to navigate to the url specified in the action
  • false → prevents form submission

In all cases the target destination of the form is immediately visible as the action of the form.

If you were trying for a very insecure solution along the lines of what you’ve done, then you would need to:

  • Set something to the browser state like a cookie or sessionStorage as a result of performing the login
  • Check for the existence of the item as “proof of login” on the load of the destination page
    • If it’s not found or invalid, cause a client-side redirect to elsewhere

However, it would also be exceedingly simple to bypass: the full contents of the second file will be sent to the user’s browser prior to the redirect occurring, you’ve currently got the username/password combinations as plain text in the login.js, and it’d be entirely possible to read the code and simply set the appropriate cookie/sessionStorage value.

Ideally you want to either prevent the user from ever being able to access the route at all, or ensure that if they do access the route that it authenticates first prior to sending/rendering any content.

If you’re trying to make something that’s actually secure you should look at using an authentication provider that solves for this problem, examples are:

Thank you for the clarity and advice. I will take it, and use it.
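
The answer's point about authenticating before any content is sent, as an added Node.js example that is not part of the original thread: the decision is made on the server, so a direct request for the library page without a valid session gets a redirect with an empty body. The `demo` account, its password, the `sid` cookie name and the `/library` and `/login.html` paths are constructed assumptions.

```javascript
// Added example: the server decides who may see the page; the browser never
// receives the protected HTML or any credentials to read.
const { randomBytes, scryptSync, timingSafeEqual } = require("node:crypto");

// Constructed demo account; a real site would load salted hashes from a user store.
const salt = randomBytes(16);
const users = new Map([["demo", scryptSync("constructed-demo-password", salt, 32)]]);
const sessions = new Set(); // session ids issued by this server only

const LIBRARY_HTML = "<h1>Library</h1>"; // stands in for the protected page

// Handles the login form POST: returns the response the server would send.
function login(username, password) {
  const stored = users.get(username);
  const supplied = scryptSync(String(password), salt, 32);
  // Hash and compare even for unknown users so timing does not reveal valid names.
  const same = timingSafeEqual(supplied, stored ?? Buffer.alloc(32));
  if (!same || stored === undefined) {
    return { status: 401, headers: {}, body: "Invalid credentials" };
  }
  const sid = randomBytes(32).toString("hex"); // unguessable, unlike a flag set by page script
  sessions.add(sid);
  return {
    status: 303,
    headers: {
      Location: "/library",
      // HttpOnly keeps the cookie away from page JavaScript.
      "Set-Cookie": `sid=${sid}; HttpOnly; Secure; SameSite=Lax; Path=/`,
    },
    body: "",
  };
}

// Handles GET /library: the session is checked before any content is chosen.
function getLibrary(cookieHeader = "") {
  const match = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader);
  if (!match || !sessions.has(match[1])) {
    // No valid session: redirect with an empty body, so typing the URL yields nothing.
    return { status: 303, headers: { Location: "/login.html" }, body: "" };
  }
  return { status: 200, headers: { "Content-Type": "text/html" }, body: LIBRARY_HTML };
}
```

Each function returns the status, headers and body to send, so it can be wired into any Node HTTP handler or serverless function.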