I have a customer who wants to hide some non-sensitive but private information on his website, except from those who have entered a secret code to unlock this information.
This is a simple protection, not bulletproof, and I first thought of managing a special user for this, but the users will be used later for another part of the website and I think it could be tricky to set up both for different purposes.
So I began to think about using a cookie to do this.
Do you think it is the best idea for doing this, and do you know how to implement it?
I’d use JavaScript’s localStorage API instead of cookies. Something like this:
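    // Reveal the private info if this browser has already been unlocked.
    function displayInfo(){
        if(localStorage.getItem('showinfo') == 'true'){
            //show the info
        }
    }
    document.addEventListener('DOMContentLoaded', displayInfo);

    // Check the entered code and remember the result in localStorage.
    document.querySelector('#checkCodeButton').addEventListener('click', function(){
        let userCode = document.querySelector('#secretcodefield').value;
        if(userCode == "secret-code"){
            // localStorage stores strings, so this is saved as 'true'.
            localStorage.setItem('showinfo', true);
            displayInfo();
        }
    });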
If you don’t want the secret code to be accessible client-side then you could use the Fetch API to pass userCode to a server-side script for the checking bit.
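The server-side check mentioned in the last sentence, as an added example that is not part of the original posts: a small Node.js endpoint that compares the submitted code in constant time and sends the private information only on a match, so neither the code nor the information is in the page source. It goes one step beyond the answer by returning the information from the server; the route `/check-code`, the `UNLOCK_CODE` variable, the function names and the sample data are assumptions.

```javascript
const crypto = require('node:crypto');
const http = require('node:http');

// Assumptions: placeholder code and constructed sample data, not from the post.
const SECRET_CODE = process.env.UNLOCK_CODE || 'secret-code';
const PRIVATE_INFO = { phone: '555-0100 (constructed sample)' };

// Hash both values so the buffers have equal length, then compare them
// in constant time so response timing does not leak how much matched.
function codeMatches(candidate) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(candidate), h(SECRET_CODE));
}

// Pure handler: maps a raw request body to a status and a JSON body.
function checkCode(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return { status: 400, body: { error: 'bad request' } };
  }
  if (typeof parsed?.userCode !== 'string') {
    return { status: 400, body: { error: 'bad request' } };
  }
  if (!codeMatches(parsed.userCode)) {
    return { status: 403, body: { error: 'wrong code' } };
  }
  return { status: 200, body: PRIVATE_INFO }; // sent only after a match
}

// Call createUnlockServer().listen(3000) to serve POST /check-code.
function createUnlockServer() {
  return http.createServer((req, res) => {
    if (req.method !== 'POST' || req.url !== '/check-code') {
      res.writeHead(404).end();
      return;
    }
    let raw = '';
    req.on('data', (c) => { raw += c; if (raw.length > 1024) req.destroy(); });
    req.on('end', () => {
      const { status, body } = checkCode(raw);
      res.writeHead(status, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify(body));
    });
  });
}
// Browser side: fetch('/check-code', { method: 'POST',
//   body: JSON.stringify({ userCode }) }), then render the JSON if res.ok.
```

The endpoint does not limit repeated guesses, so a short code still needs rate limiting in front of it.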