Best practice for putting javascript files behind user authentication?

I have a web app where most of the functionality is within a javascript file, and I am about to introduce a pro version of the app in which registered users would get access to more functionality.

Again the extra functionalities are just extra functions in a javascript file.

What I am planning to do is:

- link pro_script.js if user is logged in,

- or link to normal_script.js if user is not logged in,

at the header of the page via user authentication with php.

I was wondering if this is the best way to approach this situation?

I have concerns that the pro_script.js is residing accessible under the javascripts folder, and it would be possible to write a script or plugin that loads the pro_script.js 开发者_如何学Pythoninstead of normal_script.js.

You can have your HTML to call my_script.php instead of my_script.js. This PHP file would simply output your JS depending on the state if the user is logged on or not.

You can hide pro_script.js behind PHP script - it will check user's account and if user is "premium" then it outputs content of pro_script.js, otherwise - empty string. Don't forget to setup correct headers (content-type and caching)

This is acually @Adnan's idea, but my response was far to complex for a comment.

Your my_script.php should look something like this:

<?php 
session_start();
header("Content-type: application/x-javascript";);

if (!empty($_SESSION['PRO_USER'])) {
    echo file_get_contents("js/pro_script.js");
} else {
    echo file_get_contents("js/normal_script.js");
}

exit;
?>