通过控制台关闭引导程序模式

Question

I am using java servlets and jsp to create a website and one of my requirements is that if any anonymous user tries to visit any page that needs authentication/login a modal should appear above the page and the modal cannot close until you login or sign up (As in case of quora). So i am checking whether the user is logged in by checking the session attribute in every jsp and if the session attribute is not present i am showing the login modal with backdrop= static using java script.

I have a query, what if someone hides the login modal through console using $("#id").modal("hide") (As i am using bootstrap modal). Is there anyway i can handle this or do i have to take care of this at the backend?

Answer 1

You should take care of it at the back-end as after all the user can disable javascript, instead do it this way:

if(loggedIn)
    //show content for authenticated users

else
    // display the login form

---

Update:

As in this PHP Fiddle - hit RUN to show the result - it is the same above idea but in PHP, if you alter the value of $loggedIn to true it will show the content which needs authentication, if $loggedIn is false it will show a login form

Answer 2

I suppose you could assign an event handler to the hide event.

http://getbootstrap.com/javascript/#modals-events

$('#id').on('hide.bs.modal', function (e) {
  // if some condition, dont let them hide it
})

but if a user can get into things they aren't meant to by invoking this js, they could also just inspect the dom and delete this html element.

Having code like this could help keep people honest but if its a security issue I would make sure to handle it on the server as well.