79537895

Date: 2025-03-27 05:39:15
Score: 1
Natty:

I would strongly recommend moving the authentication state away from client-side storage like localStorage.

Client-side storage like localStorage and sessionStorage can be manipulated easily by users, which is why relying on them for sensitive information like authentication status is not secure.

In my opinion, if you're just starting, try implementing cookies for 2FA AuthManagement.

After successful completion of the first-layer authentication, set a flag like 'is2FAPending' and set it to true in initialState. This should be set in the backend cookies. Then redirect to the 2FA page.

I don't know the backend technology you're using, but if you are using Express.js, you can set the cookie inside session().

You can refer to this guide to set it up:
https://www.geeksforgeeks.org/how-to-manage-sessions-and-cookies-in-express-js/

After successful completion of 2FA, set the flag to false and redirect to a Protected Layout, which sends a request and checks the cookie/session for the state of is2FAPending == false/true.

Hope this answers your question!

Reasons:
  • Blacklisted phrase (1): this guide
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Low reputation (1):
Posted by: Mohammed Khalid S