I want to generate a GUID/UUID for my web app to use but I'm not sure if I should generate it on the client or server or what should be the preference.
Basically, I'm working on a web app similar to e-commerce app.
Here are the steps:
1) User logs into the web app
2) User can create a new transaction or search for an existing transaction.
3) If user selects create transaction, a new transaction number will be generated and shown to the user while he's creating the transaction. On submitting the transaction, all the transaction details will be saved including transaction number + timestamp (for more uniqueness).
If user selects search, they can find an existing transaction by searching by the transaction number that was generated when the transaction was created.
In the end, I'm not sure if I should be generating the GUID/UUID on client (JavaScript/TypeScript) or backend/server (C#/.NET). The only con I can see to generating on client is avoiding an extra api call to get the generated number to display on the front-end but is that really something that would make me select doing it on the client than server?
What are the pros and cons for both? What is normally done?
Thanks!
Best Answer
Do you have any security need for the GUID to be as unique as it should?
Never rely on client software to provide security1. If spoofing an old GUID just produces an error then it's fine. Just be sure it's fine.
Pushing work on to the client to make the experience more performant is a fine instinct. Just remember, that's not your computer over there.