- if (this.state.user.id > 0)
- {
- ajax("/whoami", "GET", res => {
- this.state.user.email = res.email;
- this.state.user.notify = res.notify;
- });
- // TODO: fetch is simpler, but does not set req.xhr (for security check)
-// fetch(params.serverUrl + "/whoami", {
-// method: "GET",
-// credentials: params.cors ? "include" : "omit",
-// }).then((res) => {
-// return res.json()
-// }).then((user) => {
-// this.state.user.email = user.email;
-// this.state.user.notify = user.notify;
-// });
- }
- this.state.conn = new WebSocket(params.socketUrl + "/?sid=" + mysid);
+ // Slow verification through the server:
+ // NOTE: still superficial identity usurpation possible, but difficult.
+ ajax("/whoami", "GET", res => {
+ this.state.user.id = res.id;
+ const storedId = localStorage.getItem("myid");
+ if (res.id > 0 && !storedId)
+ //user cleared localStorage
+ localStorage.setItem("myid", res.id);
+ else if (res.id == 0 && !!storedId)
+ //user cleared cookie
+ localStorage.removeItem("myid");
+ this.state.user.name = res.name;
+ const storedName = localStorage.getItem("myname");
+ if (!!res.name && !storedName)
+ //user cleared localStorage
+ localStorage.setItem("myname", res.name);
+ else if (!res.name && !!storedName)
+ //user cleared cookie
+ localStorage.removeItem("myname");
+ this.state.user.email = res.email;
+ this.state.user.notify = res.notify;
+ });
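Review bot: The reconciliation inside the `/whoami` callback only covers the cases where one side is empty, so a stored `myid` or `myname` that differs from the server's answer is kept. A response without `id` (an error body, say) matches neither `res.id > 0` nor `res.id == 0`, which leaves the stale value in place while `this.state.user.id` becomes `undefined`. Since the server reply is the only verified source here, it could overwrite the client copy unconditionally: `if (res.id > 0) localStorage.setItem("myid", res.id); else localStorage.removeItem("myid");`, and likewise for `myname`. The NOTE about remaining usurpation would help more if it named which values are still trusted from `localStorage` before this callback runs, presumably `myid`/`myname` read elsewhere. The enclosing function starts and ends outside the hunk, so where the WebSocket is now opened is not visible.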