Microsoft-authentication-library-for-js: Lots of old "msal." entires in local storage
I'm submitting a...
- [ ] Regression (a behavior that used to work and stopped working in a new release)
- [X] Bug report
- [ ] Performance issue
- [ ] Feature request
- [ ] Documentation issue or request
- [ ] Other... Please describe:
Browser:
- [X] Chrome version 71.0.3578.98
- [ ] Firefox version XX
- [ ] IE version XX
- [ ] Edge version XX
- [ ] Safari version XX
Library version
Library version: 0.2.3
Current behavior
If the user is never logged out and they continue to use the webapp long enough to have the iFrame renew the token, a new entry appears to be added to local storage and no entries are ever being cleaned up. In the event that the user stays logged in for several days, the local storage begins to really fill up with old entries.
My current localhost session has 171 entries for msal.acquireTokenUser and a new one is added every time acquireTokenSilent is called with an expired token and it makes a request for a new token. Of those 171, only 5 of them have actual values - the rest have blank values.
I also see entries for msal.token.renew.status and msal.authority piling up in my local storage as well.
I've run across issues which describe what I'm seeing, but based on the comments in those tickets this sounds like it would have already been resolved.
https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/327
https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/370
In reviewing the logout behavior, I noticed these entries aren't cleared from the local storage even when logout is called. The resetCacheItems function in here is only looking for two keys to clear, and it's not actually removing them in most cases, just emptying the value.
Expected behavior
The msal library should be cleaning up the local storage and only keeping around what it needs.
dwatty
All 6 comments
We are using this library in an internal project (soon to be publicly released) and would appreciate if this issue is resolved.
I'd be happy to help out, if needed.
abhisheksoni27
on 19 Jan 2019
We are having this same issue, so we added a bit of cleanup code until this is fixed in the published MSAL package.
Object.keys(window.localStorage).forEach(function (key) {
if (key.startsWith('msal.acquireTokenUser') || key.startsWith('msal.token.renew')) {
window.localStorage.removeItem(key)
}
})
We're running this code everytime we renew the tokens.
freeman-g
on 12 Mar 2019
@dwatty This fix is in progress.
sameerag
on 1 May 2019
@dwatty @freeman-g We have updated the dev branch with changes to fix this. We will be releasing another preview version of the library with these changes in npm by the end of the day. We will also be releasing the 1.0.0 version of the library soon as well, so please be on the lookout for that as well. If you see any other issues relating to msal cache cleanup in new versions of the code please reopen this issue.
pkanher617
on 3 May 2019
I'm still facing this issue with msal version 1.3.0
Mathijs003
on 8 Jun 2020
@Mathijs003 Please open a new issue, thanks!
jasonnutter
on 8 Jun 2020
Related issues
atvoid
路
3Comments
ssuvorov
路
3Comments
ninio
路
3Comments
ed-ilyin
路
4Comments
Calamari
路
3Comments
Most helpful comment
@dwatty @freeman-g We have updated the dev branch with changes to fix this. We will be releasing another preview version of the library with these changes in npm by the end of the day. We will also be releasing the 1.0.0 version of the library soon as well, so please be on the lookout for that as well. If you see any other issues relating to msal cache cleanup in new versions of the code please reopen this issue.