Storing client-side state from JavaScript
Question
I've written a game in JavaScript which runs completely client-side. In the game, the player solves puzzles to progress to the next game level. I store the current game level in a cookie, so that they can reload the page and continue from the last level they achieved.
Unfortunately, the user can edit the cookie and thus go directly to any game level. I want to prevent that. What are my options?
2 answers
solution1
0 2022-07-23 05:59:45
Encrypt the cookie with JSON Web Token (JWT). First sign the cookie with a Secret key and store it to the user's browser and in the game decrypt it with your same secret key and get the values. If the user edits the cookie then it will not match your secret key and if secret doesn't match then you can make him play again from the level 1 again as a punishment.
solution2
0 2022-07-23 06:10:02
They can just edit your JS code and bypass whatever checks you add in there. This is how I'd do it, provided each level has only 1 solution.
First of all, save each level in json format. Next, calculate hashsum of each level, when it's in the solved state. Finally, encode each next level with a hashsum of a previous one. And store the hashsum in cookie.
This is how it would work:
- User solves lvl1
- The app converts lvl1 to json and calculates it's hashsum
- The app uses it to decrypt lvl2
In case someone changes lvl number, decoding will still fail. And you would be able to determine the "correct" level by trying to decode all of them 1 by 1.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.