[debjit]

Do you actually know JavaScript?.. @debjit

I mean, can you at least read it?.. Using AJAX (Asynchronous JavaScript and XML) techniques without some background in JavaScript will limit its potential usefulness.. You need to be thinking as a full-stack developer (aware of the front-end code and the back-end code and how they interact optimally for the benefit of the App) not as a back-end coder (doing all the logic server-side and dumping the result as is) for it to be of any help.

Would be nice if you share that journey with this community too.. May be we can be of some help.

Why PHP sessions are more secure?.. Besides, I hope you're aware that PHP sessions use a particular form of cookies too.. Do you know the difference between Cookies and Session cookies?

So, you did actually use cookies :-) Now, can you tell us how Laravel PHP framework makes cookies more secure?..

Bad idea!!.. Can you think of the why it's a bad idea to store too much date in cookies?.. and can you think of a better alternative for storing data than in cookies ?

Finally, where is the code of the free Open Source Version?!..

No!.. never used one but I did code one basic quiz WebApp in PHP a long time ago (+10 years ago.)

It's hard to say if you don't layout the whole business logic of the App from start to finish.

Do you actually know JavaScript?.. @debjit
Yes and No. I have finished the course 6 months ago but never used that extensively. Now I am learning React, so yes I know some javaScript. I am just not that confident with it.

Here is how laravel makes the cookie more secure,
https://blog.laravel.com/laravel-cookie-...y-releases

Why PHP sessions are more secure?.. Besides, I hope you're aware that PHP sessions use a particular form of cookies too.. Do you know the difference between Cookies and Session cookies?
Season data stays on the server there is no way normal users get their hands on it.

Finally, where is the code of the free Open Source Version?!..
I am building piece by piece and sharing on Twitter, as a portal I am sharing updates here. Code will be published when I get an MVP version or one month which comes fast. Please remember I have to do a day job and then write this software.

It's hard to say if you don't layout the whole business logic of the App from start to finish.
There is no business logic in this app. It's an app that I am making for my own teachers to use. They will use it to create exam for there students, and evaluate there result. There is no business aspect.

---

Thanks for the reply.
For the continued discussion:
I would store the temporary results in cookie or local storage as in many cases sessions are consuming server resources,which are also more temporarily and as students will want to change their answers often,storing the answers in cookies/localStorage may give the ability for offline-answering in extreme bad connection (if you have prefetched some questions as cache).
I may not encrypt the cookie as if you are not storing these consts you may need to change if often,then it need to be a two-way encryption,thus some additional scripts are needed.Anyway these students can temper with the cookies as long as they don't know the answer.
Or you may try websocket that when their is a property change you send the change to server if you do not like the use of cookies.

For user identity during a exam I prefer sessions,basic user auth might be a strongly-encrypted cookie(or session,I don't think they will stay in the page for days),and for changing the answer or so maybe websocket that sync the changes might be better(authentication first,as always)?

The cookie set by the laravel framework is secure.
The auth is also secure.
I am using livewire to perform real time communication via ajax.