2

I am working on making premium access to my website. While doing so I want the login that had set the localStorage item as 1 to expire and get deleted after a month. I searched the web, but got confused as I am still learning JavaScript and jQuery. Can you help me out in setting expiration to the localStorage item? Here's the line of code that is setting the localStorage:

localStorage.setItem('ispremium', '1');

And my website is on Blogger platform, if that matters!

SohamWani
  • 83
  • 1
  • 7
  • 2
    Why not use a cookie instead? -- Otherwise you'll likely need to write some code which loops through all the storage, decodes it, and then deletes it. – evolutionxbox Feb 07 '22 at 14:50
  • 2
    This is probably extremely insecure. If I don't have a login and want to spoof one, all I need is to run `localStorage.setItem('ispremium', '1')`. If you want to store user data and ensure that it's authenticated, try looking into JSON Web Tokens (JWT). The specs have built-in feature that allows revoking of the token after it expires. More importantly... you might want to pick a CMS that already does this: no point in reinventing the wheel. – Terry Feb 07 '22 at 14:50
  • 2
    Short answer: there is no way of setting an expiration date on storage entries. – Heretic Monkey Feb 07 '22 at 14:57
  • @Terry Thank you for your concern, but I have other plans for it! – SohamWani Feb 07 '22 at 14:57
  • @evolutionxbox, can you guide for the same? – SohamWani Feb 07 '22 at 14:57
  • 1
    Are you looking for something like, [javascript set cookie with expire time](https://stackoverflow.com/questions/13154552/javascript-set-cookie-with-expire-time)? – evolutionxbox Feb 07 '22 at 14:59
  • That will help too! – SohamWani Feb 07 '22 at 15:04
  • Does this answer your question? [javascript set cookie with expire time](https://stackoverflow.com/questions/13154552/javascript-set-cookie-with-expire-time) – evolutionxbox Feb 07 '22 at 15:16

2 Answers2

2

You can set the actual value as the first time user joined and the time to expire. And whenever the user opens again the website, you need to check that expiration date. But this is extremely unsecure, you shouldn't do that for sessions. Just to answer to your question, you can do the following:

const NAMESPACE = 'MY_ID';
const TIMESTAMP_MODEL = {
  initial: null,
  expiresOn: null
};
const TIMESTAMP = Date.now();

if (!JSON.parse(localStorage.getItem(NAMESPACE))) {
  // when the user access your website for the first time, set the initial and expiresOn values:

  localStorage.setItem(NAMESPACE, JSON.stringify({
    initial: TIMESTAMP,
    expiresOn: TIMESTAMP + 1000*60*60*24*30 // 1month in ms
  }));
} else {
    // then, when user access the website again, check the expiresOn, it it's value is bigger than current date
  const EXPIRE_DATE = JSON.parse(localStorage.getItem(NAMESPACE)).expiresOn;

  if (Date.now() > EXPIRE_DATE) {
    console.log('session expired');
  } 
}
n1kkou
  • 3,096
  • 2
  • 21
  • 32
1

Normally this would be solved on the server side. The localStorage may be cleared if a user selects "clear browsing history" on some browsers. It may not be available across sessions if the user works with multiple browsers or incognito mode. Other than that someone with a bit of technical knowledge can insert the "ispremium" flag easily into his localStorage to gain access to your premium feature.

If you still want to solve this via client, you could store a timestamp instead of a boolean flag and check if the current time is still in the validity range. LocalStorage itself doesn't let you set an expiration date on entries.

ueznem
  • 79
  • 5