Based on Monster group and GPt-write:
Generally, user permissions and login status are saved locally, such as in a browser cookie or in local storage. In this way, you can quickly determine the login status and permissions of users when they visit the website next time, improving user experience.
However, this information does cause security problems if it is maliciously intercepted and modified. Therefore, it is usually necessary to keep the login status and permission information of the user on the server side and verify that this information matches the information on the server side each time the user requests it. This prevents malicious users from tampering with locally saved information.
Therefore, to improve security, you are advised to connect to the server for authentication each time you determine the user login status and permission, rather than relying on the locally saved information. This ensures that the user's login status and permission information are not maliciously tampered with.
