Server: Purge LocalStorage on logout

Created on 26 Aug 2018 · 6Comments · Source: nextcloud/server

Feature request:

The local storage should be purged when the user clicks logout.

Reason:

Apps should be able to use local storage, but should not leak information once the user logs out.

1. to develop enhancement

Source

georgehrke

Most helpful comment

I totally agree with @georgehrke. Thank you, you are a very valued member of this community and every day working with you makes my life happy. Opensource really improved my health and relationship to you.

rullzer on 26 Aug 2018

😄2

All 6 comments

GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/6965 (Idle Logout Doesn't Happen), https://github.com/nextcloud/server/issues/9005 (c), https://github.com/nextcloud/server/issues/7279 (logout on idle time doesn't work), https://github.com/nextcloud/server/issues/10346 (Logout button on shared email-links), and https://github.com/nextcloud/server/issues/3419 (Site Refresh after 5 sec ---> Logout).

nextcloud-bot on 26 Aug 2018

cc @MorrisJobke @skjnldsv

georgehrke on 26 Aug 2018

Our logout route automatically redirects to the login page, but putting localStorage.clear() on the login page seems a bit hacky

georgehrke on 26 Aug 2018

rullzer on 26 Aug 2018

😄2

This is something I can look at..

weeman1337 on 27 Aug 2018

👍1

The actual implementation makes use of the Clear-Site-Data header. It's current state is draft and it has not been implemented in all browsers, yet (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data).

Putting it into the logout frontend code may also not be the best idea. If you do 1. clear the storage 2. navigate to the logout page, there is no guarantee (in theory) the logout works. So you may land in an undefined state.

I'll file a PR with a suggestion "emulating" the Clear-Site-Data stuff.

weeman1337 on 27 Aug 2018

Was this page helpful?

0 / 5 - 0 ratings