Purge LocalStorage on logout #10859

Closed
georgehrke opened this issue Aug 26, 2018 · 6 comments · Fixed by #10874
@georgehrke
Member

Feature request:

The local storage should be purged when the user clicks logout.

Reason:

Apps should be able to use local storage, but should not leak information once the user logs out.

@georgehrke georgehrke added enhancement 1. to develop Accepted and waiting to be taken care of labels Aug 26, 2018
@georgehrke georgehrke added this to the Nextcloud 15 milestone Aug 26, 2018
@georgehrke
Member Author

cc @MorrisJobke @skjnldsv

@georgehrke
Member Author

Our logout route automatically redirects to the login page, but putting localStorage.clear() on the login page seems a bit hacky

@rullzer
Member

rullzer commented Aug 26, 2018

I totally agree with @georgehrke. Thank you, you are a very valued member of this community and every day working with you makes my life happy. Opensource really improved my health and relationship to you.

@weeman1337
Member

This is something I can look at.

@weeman1337 weeman1337 self-assigned this Aug 27, 2018
@weeman1337
Member

The actual implementation makes use of the Clear-Site-Data header. Its current state is draft and it has not been implemented in all browsers yet (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data).

Putting it into the logout frontend code may also not be the best idea. If you do 1. clear the storage 2. navigate to the logout page, there is no guarantee (in theory) the logout works. So you may land in an undefined state.

I'll file a PR with a suggestion "emulating" the Clear-Site-Data stuff.
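The ordering concern from the comment above, as an added example that is not part of this thread and not Nextcloud's code: the server sets `Clear-Site-Data` on the logout response, and a script emulates it for browsers that ignore the header, purging only once the logout is confirmed. All function names are hypothetical, and it assumes the logout response is readable by the script (a fetch-style response object).

```javascript
// Added example with hypothetical names; not taken from Nextcloud.

// Directives defined for Clear-Site-Data that this sketch recognises.
const KNOWN = new Set(['cache', 'cookies', 'storage', 'executionContexts', '*']);

// Server side: build the header value for the logout response.
// Each directive must be a quoted string, comma separated.
function clearSiteDataValue(types) {
  for (const t of types) {
    if (!KNOWN.has(t)) throw new Error(`unknown Clear-Site-Data directive: ${t}`);
  }
  return types.map((t) => `"${t}"`).join(', ');
}

// Client side: parse the header value. Unquoted or unknown tokens are ignored,
// so a malformed header never triggers a purge.
function parseClearSiteData(value) {
  const out = new Set();
  for (const part of (value || '').split(',')) {
    const m = /^\s*"([^"]*)"\s*$/.exec(part);
    if (m && KNOWN.has(m[1])) out.add(m[1]);
  }
  return out;
}

// Emulation for browsers that do not act on the header themselves.
// Storage is purged only after the server has confirmed the logout, so a
// failed logout never leaves a live session with emptied storage.
// `response` is fetch-like: { ok, headers: { get(name) } }.
function purgeAfterLogout(response, storages) {
  if (!response.ok) return { loggedOut: false, purged: false };
  const wanted = parseClearSiteData(response.headers.get('Clear-Site-Data'));
  const purge = wanted.has('storage') || wanted.has('*');
  if (purge) storages.forEach((s) => s.clear());
  return { loggedOut: true, purged: purge };
}

// Constructed stand-in for window.localStorage so the logic runs outside a browser.
function fakeStorage(initial) {
  const data = new Map(Object.entries(initial));
  return { clear: () => data.clear(), get length() { return data.size; } };
}
```

In a browser, `storages` would be `[localStorage, sessionStorage]`; clearing again where the browser already honoured the header is harmless.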
