I’m storing some access tokens in a
sessionStorage for security reasons (hence not
localStorage). The problem is sharing them when a user opens a link from the app in another tab. Since
sessionStorage is not copied the user has to re-authenticate again. This is a known scenario.
While searching the internet I’ve found some possible workarounds but they all miss one thing – multiuser environment. There are 2 main methods to copy
The idea is simple. Subscribe to events or a channel, query for
sessionStorage and store it locally when received.
Now consider this scenario (which is quite possible):
- some manager logs in as a
user_2in multiple windows (required by job);
- when opening some link in another tab, which
sessionStorageshould be copied over?
The way how I see it is to use a
BroadcastChannel and create it with some sort of a
GUID identifier as a prefix. In this case broadcasting
sessionStorage is possible within the same unique channel name which has to be shared among tabs of a specific user session.
The problem is the sharing of this identifier. Passing it into all possible links in the app is a bad idea. So I need some way for a new tab to access it’s previous ‘parent’ tab. Thought about
window.opener but it’s
null and not sure it’s possible to fill it in this case.
Is there any other way to access a parent or send some data from the parent to the exact tab being opened? No matter from which link within the app.