Reputation: 182
Hello, StackOverflow Community.
I am currently programming an Electron application which contains a login. My login is working perfectly, but now I do not know how to correctly save the information from the user. The user should not be able to edit the file or the cookie type of thing, so that he cannot abuse the system to be another user without knowing his password.
I hope you can understand my problem and help me out!
Upvotes: 3
Views: 3963
Reputation: 1464
When storing user data you shouldn't store it locally at all. You should make an authentication key and store it in your database with your user; you then need to store this on the client side too. Normally people store this in memory, therefore once the user exits the system they "sign out"; if you don't want them to, you could save it to some sort of settings file using something like electron-settings or a cookie using the Electron API. Once you have this key you should use that to authenticate calls to your API, and when doing so you should check that the key is valid for the user who is performing the action.
Example: When UserA sends a message to UserB you should check that UserA's auth key equals the key which represents UserA in your database.
Using this method will make it hard for other users to "guess" other users' keys and also keep user data safe from user interaction.
NOTE: Change the user's auth key every time they log in to prevent someone from stealing it!
Upvotes: 2