JSDO session name works for Duplicate Tab and Refresh but not a decorated URL - Forum - Mobile - Progress Community

This question is not answered

Hi All

I am using the JSDO with forms based authentication and specifying a name e.g.

this.jsdoSettings = { name: 'MyName', serviceURI: this.serviceURI, catalogURIs: this.catalogURI, authenticationModel: progress.data.Session.AUTH_TYPE_FORM };

This allows for page refreshes and duplicate tabs in Chrome, however if I copy and paste a decorated URL into another tab in the browser this does not seem to work.
I had assumed that the JSDO created some sort of cookie or sessionStorage to maintain the session context in the browser and so a decorated URL should work as well as long as you are signed in.
Thanks
Christian.
All Replies
  • Hello Christian,

    The support for page refresh is done by using sessionStorage.

    I wonder if the behavior you are seeing happens because of the way web browsers handle sessionStorage with a new tab:

    - bugs.chromium.org/.../detail

    - bugzilla.mozilla.org/show_bug.cgi

    - stackoverflow.com/.../browser-sessionstorage-share-between-tabs

    I hope this helps.

  • Hi

    That makes sense, I don't know why they choose local storage over session storage as local storage would allow a decorated URL to work as long as your session had not expired.

    Do you think this is worth raising as a product enhancement?

    Thanks

  • Hello,

    I do not think that changing sessionStorage to localStorage would be a good approach.

    The reason for using sessionStorage vs localStorage was from a security point of view to prevent unexpected malicious access (Cross Site Scripting) to the keys/values and prevent access from one session to another.

    See the following article for reference on "localStorage security":

    - www.owasp.org/.../HTML5_Security_Cheat_Sheet

    This article also explains that the sessionStorage is only available to a given window/tab:

    "Use the object sessionStorage instead of localStorage if persistent storage is not needed. sessionStorage object is available only to that window/tab until the window is closed."

    Perhaps, a possible approach would be doing something at the application level. A "Remember Me" function or something along those lines.

    I hope this helps.

    Thank you and regards.
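
An application-level way to make a pasted decorated URL usable without moving session data into localStorage, as an added example that is not from the thread or from Progress code: a tab with no session sends the user to the login page with the requested location attached, and after sign-in returns only to a validated same-origin path. The `/login` route, the `returnTo` parameter and the `hasSession` flag are assumptions; `hasSession` stands for however the application decides that the current tab is signed in.

```javascript
// Added example (not JSDO code). LOGIN_PATH and RETURN_PARAM are hypothetical names.
const LOGIN_PATH = '/login';
const RETURN_PARAM = 'returnTo';

// Accept only a path on our own origin; anything else falls back to '/'.
// This keeps the login page from becoming an open redirect.
function safeReturnPath(raw, origin) {
  if (typeof raw !== 'string' || !raw.startsWith('/')) return '/';
  // '//host' and '/\host' are parsed by browsers as scheme-relative URLs.
  if (raw.startsWith('//') || raw.startsWith('/\\')) return '/';
  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return '/';
  }
  if (url.origin !== origin) return '/';
  if (url.pathname === LOGIN_PATH) return '/'; // avoid a login loop
  return url.pathname + url.search + url.hash;
}

// Run on page load. Returns null when this tab is already signed in,
// otherwise the login URL that remembers the decorated URL being opened.
function loginRedirectFor(currentHref, hasSession) {
  if (hasSession) return null;
  const here = new URL(currentHref);
  if (here.pathname === LOGIN_PATH) return null;
  const target = here.pathname + here.search + here.hash;
  return LOGIN_PATH + '?' + RETURN_PARAM + '=' + encodeURIComponent(target);
}

// Run after a successful login in the new tab: where to send the user.
function postLoginTarget(loginHref) {
  const url = new URL(loginHref);
  return safeReturnPath(url.searchParams.get(RETURN_PARAM), url.origin);
}
```

In the browser, `loginRedirectFor(location.href, hasSession)` feeds `location.assign(...)` when it returns a value, and `postLoginTarget(location.href)` is used once the login call succeeds.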