Pass data between refresh/reload (client side, without server side sessions)

In a single-page application I’d like to pass sensitive data during a page reload/refresh.

Since the data is sensitive it should not be recovered, for example

  • when a user leaves the domain and then goes back
  • when a user closes the user agent and restarts it, restoring the previous session

History

  • thirdpartypage.com (discard data when moving to here)
  • mypage.com
  • thirdpartypage.com (discard data when moving to here)

My approach was to store it in the sessionStorage.

// On data generation/update
sessionStorage.setItem("data", "DATA");

// ...

// On load (reload)
var data = sessionStorage.getItem("data");

if (data) {
    // Initialize application with data
} else {
    // Start without
}

Unfortunately, in the sessionStorage the data persists when moving from my application’s domain to a foreign domain (and back or forth to my application’s domain).

I also tried storing it in

  • window.name, but while for Chrome this is acceptable (not persisted across domains), Firefox makes the data accessible at the other domain (IE untested)
  • a short-lived cookie but I don’t find this solution secure


Source: javascript
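
One way to limit the sessionStorage approach from the question to genuine reloads, as an added example that is not part of the original post: gate the read on the Navigation Timing `type` and wipe the value otherwise. The names `KEY`, `navigationType`, `takeDataOnLoad` and `wipeOnBfcacheRestore` are hypothetical, and how a given browser classifies a restored session is an assumption to verify per browser.

```javascript
// Added example, not code from the original post.
// Hypothetical names: KEY, navigationType, takeDataOnLoad, wipeOnBfcacheRestore.
const KEY = "data";

// Read the Navigation Timing entry for this document. Its `type` is one of
// "navigate", "reload", "back_forward" or "prerender".
function navigationType(perf) {
  const entries = perf.getEntriesByType("navigation");
  return entries.length > 0 ? entries[0].type : "navigate";
}

// Hand the stored value back only when this load is a reload of the page.
// For any other navigation type the value is removed from storage first,
// so returning from another site through history starts without it.
function takeDataOnLoad(storage, navType) {
  if (navType !== "reload") {
    storage.removeItem(KEY);
    return null;
  }
  return storage.getItem(KEY);
}

// A page restored from the back/forward cache runs no load code at all:
// its in-memory state simply resumes. `pageshow` with `persisted === true`
// is the signal for that case, so wipe storage and in-memory state there.
function wipeOnBfcacheRestore(target, storage, clearMemory) {
  target.addEventListener("pageshow", (event) => {
    if (event.persisted) {
      storage.removeItem(KEY);
      clearMemory();
    }
  });
}

// Browser wiring; skipped when no window exists (for example under Node).
if (typeof window !== "undefined") {
  let data = takeDataOnLoad(sessionStorage, navigationType(performance));
  wipeOnBfcacheRestore(window, sessionStorage, () => { data = null; });
  // Initialize the application with `data`, or start without it when null.
}
```

The writes stay as in the question (`sessionStorage.setItem` on every update); only the read path changes.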
