HI All
I am using the JSDO with forms based authentication and specifying a name e.g.
Hello Christian,
The support for page refresh is done by using sessionStorage.
I wonder if the behavior you are seeing happens because the way web browsers handle sessionStorage with a new tab:
- bugs.chromium.org/.../detail
- bugzilla.mozilla.org/show_bug.cgi
- stackoverflow.com/.../browser-sessionstorage-share-between-tabs
I hope this helps.
HI
That makes sense, i don't know why they choose local storage over session storage as local storage would allow a decorated URL to work as long as your session had not expired.
Do you think this is worth raising as a product enhancement?
Thanks
Hello,
I do not think that changing sessionStorage to localStorage would be a good approach.
The reason for using sessionStorage vs localStorage was from a security point of view to prevent unexpected malicious access (Cross Site Scripting) to the keys/values and prevent access from one session to another.
See the following article for reference on "localStorage security":
- www.owasp.org/.../HTML5_Security_Cheat_Sheet
This article also explains that the sessionStorage is only available to a given window/tab:
"Use the object sessionStorage instead of localStorage if persistent storage is not needed. sessionStorage object is available only to that window/tab until the window is closed."
Perhaps, a possible approach would be doing something at the application level. A "Remember Me" function or something along those lines.
I hope this helps.
Thank you and regards.