Extend Sessions to support storing Separate data across different Tabs #1241

Closed
Badgerati opened this issue Feb 19, 2024 · 0 comments · Fixed by #1242

@Badgerati
Owner

Describe the Change

When using Sessions, the Auth and general Data are shared across all tabs in an open browser; so if you log in to a site on one tab with a view counter, and then open a new tab, you'll be immediately logged in and the view counter would show the same value as the previous tab.

This extension to Sessions will make it so that the Auth data is still shared across all tabs, but the general data (like view counters, etc.) will be split across the different tabs. In the above example, both tabs would show different view counter values.

This enhancement is dependent on client-side logic, and use of a browser's sessionStorage, so Auth data has to be shared.

This could be done by adding a new -Scope parameter to Enable-PodeSessionMiddleware with possible values of Browser and Tab - with Browser being the default. When using -Scope Tab the "Session Tab ID" will be sourced from an X-PODE-SESSION-TAB-ID, and will be used to "extend" the main cookie/header SessionId.

If any Tab is ever "logged out" of, the base session with Auth data will be revoked, which will revoke all Tab sessions as well.

Documentation

For the documentation around Tab Sessions, ensure to mention that client-side logic is required - this feature doesn't just work when enabled. Also, flag that using sessionStorage isn't exactly the best, and could be fetched/manipulated by 3rd parties - XSS. Enabling this is entirely the user's choice.

Related Issues

Badgerati/Pode.Web#406
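
A sketch of the client-side logic the issue says is required, added here as an example and not taken from Pode or Pode.Web. It assumes `X-PODE-SESSION-TAB-ID` is sent as an HTTP request header; the storage key and the function names are hypothetical.

```javascript
// Added example: client-side half of tab-scoped sessions (not Pode's own code).
const TAB_HEADER = 'X-PODE-SESSION-TAB-ID';  // name taken from the issue text
const STORAGE_KEY = 'pode.session.tab-id';    // hypothetical storage key
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Return this tab's ID, creating one on first use. sessionStorage is scoped to
// a single tab, so every tab ends up with its own value. Anything in storage
// is writable by any script on the page (the XSS concern in the issue), so a
// value that is not a well-formed UUID is discarded and regenerated.
function getTabId(storage, newId = () => globalThis.crypto.randomUUID()) {
  let id = storage.getItem(STORAGE_KEY);
  if (typeof id !== 'string' || !UUID_RE.test(id)) {
    id = newId();
    storage.setItem(STORAGE_KEY, id);
  }
  return id;
}

// Build request headers, adding the tab ID only for same-origin URLs so the
// identifier is never sent to another site.
function withTabHeader(url, pageOrigin, storage, headers = {}, newId) {
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    return { ...headers };
  }
  return { ...headers, [TAB_HEADER]: getTabId(storage, newId) };
}

// Browser usage (assumes fetch and window.sessionStorage are available):
//   fetch('/counter', {
//     headers: withTabHeader('/counter', location.origin, sessionStorage),
//   });
```

The tab ID only separates general data between tabs; the Auth session still rides on the main cookie/header SessionId, so the tab ID should not be treated as a credential on the server.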

Projects
Status: Done