You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flagon.apache.org by "Joshua Poore (JIRA)" <ji...@apache.org> on 2019/08/09 19:15:00 UTC

[jira] [Created] (FLAGON-442) Update documentation for how to pass local storage, cookie data to sessionId

Joshua Poore created FLAGON-442:
-----------------------------------

             Summary: Update documentation for how to pass local storage, cookie data to sessionId
                 Key: FLAGON-442
                 URL: https://issues.apache.org/jira/browse/FLAGON-442
             Project: Flagon
          Issue Type: Sub-task
          Components: UserALE.js
    Affects Versions: UserALE.js 2.1.0
            Reporter: Joshua Poore
            Assignee: Joshua Poore
             Fix For: UserALE.js 2.1.0


I don't think we want userale.js to mess around with passing session data back and forth to local storage, as this global solution could open up vulnerabilities and will be tricky to achieve desired behavior with (e.g., all instances of the same app across tabs, have the same session_id, which is refreshed when all instances are closed or browser is closed) as we only have access to window properties with script tag deployment. 

Better strategy is to update documentation so that users/developers can pass their own local storage or cookie data to sessionid via the script-tag HTML parameter.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)