Description
Authentication relies entirely on client-side localStorage values. A user can manually modify stored session data and gain access as any teacher account.
Steps to Reproduce
- Open browser developer tools.
- Navigate to localStorage.
- Modify the stored teacher session object.
- Refresh the application.
Expected Behavior
Teacher sessions should be validated before granting access to protected pages.
Actual Behavior
Any user can impersonate a teacher by modifying localStorage values.
Environment
- Browser: Chrome 125
- OS: Windows 11
- Node.js version: 20.x
Affected Page / Component
Additional Context
Current authentication is entirely client-side and does not validate session integrity.
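An added example, not code from this repository, of the validation the Expected Behavior section asks for: the server issues an HMAC-signed session value and re-checks it on every protected request, so a value edited in the browser is rejected. The function names, claim fields (`teacherId`, `exp`) and secret handling are assumptions.

```javascript
const { createHmac, timingSafeEqual, randomBytes } = require('node:crypto');

// Assumption: a secret that lives only on the server (generated per process here).
const SERVER_SECRET = randomBytes(32);

const sign = (payload) =>
  createHmac('sha256', SERVER_SECRET).update(payload).digest('base64url');

// Called by the server only after it has checked the teacher's credentials.
function issueSession(teacherId, ttlMs = 30 * 60 * 1000, now = Date.now()) {
  const claims = JSON.stringify({ teacherId, exp: now + ttlMs });
  const payload = Buffer.from(claims).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Returns the claims, or null when the value is malformed, altered or expired.
function verifySession(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}

// Constructed input: the stored value with its teacherId edited, as in the report.
function editStoredValue(token, newTeacherId) {
  const [payload, mac] = token.split('.');
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  claims.teacherId = newTeacherId;
  return `${Buffer.from(JSON.stringify(claims)).toString('base64url')}.${mac}`;
}

const token = issueSession('teacher-1');
console.log(verifySession(token));
console.log(verifySession(editStoredValue(token, 'teacher-2')));
```

On a server, `verifySession` would run in the guard for every protected page or API route, with the value carried in an HttpOnly cookie rather than localStorage.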
Hey @rishima17, I would like to work on this issue under SSOC-2026.