reactjsmeteormeteor-react

Is it a bad idea to set current user as session variable in meteor / react framework?


I am using meteor + react to develop a small app, mostly to understand the workings of react. I am currently not using any form of Flux or Redux.

During multiple instance in the app I have to check if the person using the app is logged in. I am currently doing this with a dataContainer from react-meteor-data.

import { createContainer } from 'meteor/react-meteor-data';
...
class NavigationBar extends Component {
    render () {
        return (
            <div>
                this.props.currentUser
            </div>
        )
    }
}
... 
export default createContainer(() => {
    let currentUser = Meteor.user()
    return {
        currentUser,
    };
}, NavigationBar);

While this works fine, I am starting to find it a bit annoying to have to wrap every component in which I want to check the current user. Since I have customized login and logout functions anyway I was wondering if there is anything wrong (insecure) about setting the current user in a session variable on loggin like this:

> Session.set('currentUser',Meteor.userId());

and then just setting it to null on logout?

Thx alot


Solution

  • It's alright to store user's info in session variable or pass them to the child component as props. But make sure you are removing the session variable properly when the user is logging out. In your case:

    Session.set('currentUser',null);