# support-questions-legacy
b
Hi there, I have a react app using supertokens. I have a settings page where my users can update their account settings. The route is like so: http://localhost:3000/settings/aaron17 I need to make sure that user A cannot navigate to the settings for user B. How can I ensure that users can only navigate to their own settings page? I think on the back end, I can just 1) make sure the user is logged in, 2) compare their username to the username they are requesting data for, 3) return an error if they're requesting data for a user that is not themselves
r
hey @bitcoinrippin yea that works! You can also store the user's username in their session and check the access token payload on the frontend when they navigate to their settings page, and if the username in the path doesn't match that in the access token payload, redirect them to the right page
b
this is my front end

https://cdn.discordapp.com/attachments/1099334875519127682/1099338118009733170/image.png

back end

https://cdn.discordapp.com/attachments/1099334875519127682/1099338168509136917/image.png

which is for some reason causing an infinite loop

https://cdn.discordapp.com/attachments/1099334875519127682/1099338277888208896/image.png

r
don't send a 401
send a 403
b
do you know if supertokens is intercepting the 401 and trying to refresh the session?
r
401 is for session refreshing
b
awesome
r
403 is for bad permission
b
you're a beast
yeah that worked.
legendary support at supertokens 🙂