{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 别忘想泡老子 的问题《Preventing “Restore Tab” from accessing Session St》','https://www.manongdao.com/q-820937.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
sessionStorage is great for easily and quickly saving session-related data for the lifetime of a web page session. However, when a browser tab is closed, but then re-opened by anybody with access to the "Recent Tabs" section of a browser, they can once again access the session data.
Is there any way to flag some session storage data as "not to be saved when the tab is restored" or should I try something else? For example, will a session cookie perform more safely in this instance?
Use a Session Cookie. If you do not set the
ExpiresorMax-Ageattributes, the browser is instructed to delete the cookie once the browser has been closed. However, this only works once the entire browser window has been closed.Cookies are scoped to the entire browser, not to individual tabs. If the browser has been closed, and then the tab is restored from history, a Session Cookie will be gone. If a tab is closed and re-opened with the browser not being closed, your session cookie will persist.
Update: The Firefox "restore session" and Chrome "Continue where I left off" features pretty much ignore the spec (RFC-2109). Bear that in mind and use at your own risk.