As per Meteor Guide’s Security checklist,
Don’t ever trust user IDs passed from the client. Use
this.userId inside Methods and publications.
There are some documentations conflicts, where I can’t really relate that one should use this.userId if he uses the Accounts Package.
What if someone don’t want to use Accounts Package like me because its not in my requirements.
Meteor suggest us to use publications this.userId, but this.userId is always null. Also, tried using this.setUserId but no success in this also.
Is there any method where I can set user Id using Meteor.userId or something like this, currently I am using Sessions to store the user Id but Sessions are not secured, they can be changed using the console.
Is there any method where I can implement a secured solutions to store user Id,