2

I'm using SessionStorage to store private contextual information needed for my frontend application. I have noticed that sometimes when navigating away to a different website (different domain, part of the application flow) and coming back again, the session storage is not the way I left it. Sometimes there is nothing, sometimes a couple of properties still remain.

I have seen this happen on Chrome incognito on Windows, and Safari private browsing mode. For Safari, I can detect private browsing and fall back on session cookies, however these will be pointlessly passed over the network so I don't want to make this my main solution. Also I can only detect it for Safari and not for Chrome.

I cannot find any articles stating this is expected behaviour. The fact that it does not always occur makes it even more fun to debug.

Is there a way to reliably use SessionStorage? Or are there any suggested alternatives for storing this sensitive information in a secure way?

Roy
KrekkieD

2 Answers

0

No, a SessionStorage is bound to the lifetime of a browsing context. This context is different between browsers. From the spec:

The lifetime of a browsing context can be unrelated to the lifetime of the actual user agent process itself, as the user agent can support resuming sessions after a restart.

If you want a more persistent solution you can use LocalStorage.

JEY
0

Use LocalStorage instead of using Session Storage. But do not forget to clear the local storage when you do not need to store data further. For more information check out

  • 1
    LocalStorage 'leaks' between tabs and is also not bound to the user Session, which means closing the tab will not clear the storage, which is bad for private information – KrekkieD Apr 11 '19 at 12:10
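
The second answer's advice to clear LocalStorage, made automatic with an expiry so that stored data does not outlive the flow when a tab is closed (the concern raised in the comment above). This is an added example, not code from the thread; `PREFIX`, `createExpiringStore` and `createMemoryStorage` are hypothetical names, and the in-memory storage is a constructed stand-in for `localStorage` so the code also runs outside a browser.

```javascript
const PREFIX = 'ctx:'; // hypothetical namespace for this application's keys
function createExpiringStore(storage, ttlMs, now = Date.now) {
  // Return the stored record, or null when it is missing, corrupt or expired.
  function load(fullKey) {
    const raw = storage.getItem(fullKey);
    if (raw === null) return null;
    try {
      const rec = JSON.parse(raw);
      if (typeof rec.expires === 'number' && rec.expires > now()) return rec;
    } catch (e) { /* corrupt entry: treat as expired */ }
    return null;
  }
  const ownKeys = () => Array.from({ length: storage.length }, (_, i) => storage.key(i))
    .filter((k) => k !== null && k.startsWith(PREFIX));
  return {
    set(key, value) {
      storage.setItem(PREFIX + key, JSON.stringify({ value, expires: now() + ttlMs }));
    },
    get(key) {
      const rec = load(PREFIX + key);
      if (rec === null) storage.removeItem(PREFIX + key); // drop stale data on read
      return rec === null ? undefined : rec.value;
    },
    // Remove expired or corrupt entries; intended to run on every page load.
    purgeExpired() {
      const stale = ownKeys().filter((k) => load(k) === null);
      stale.forEach((k) => storage.removeItem(k));
      return stale.length;
    },
    // Remove everything this wrapper stored; intended for the end of the flow.
    clear() {
      const keys = ownKeys();
      keys.forEach((k) => storage.removeItem(k));
      return keys.length;
    },
  };
}

// Constructed in-memory stand-in for localStorage (assumption: same five members).
function createMemoryStorage() {
  const m = new Map();
  return {
    get length() { return m.size; },
    key: (i) => [...m.keys()][i] ?? null,
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
```

In a browser, pass `window.localStorage` as `storage`, call `purgeExpired()` on page load and `clear()` when the flow ends. The expiry only limits how long data lingers; it does not stop other tabs of the same origin from reading it.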