Preventing “Restore Tab” from accessing Session St

Posted 2019-07-05 16:53

sessionStorage is great for easily and quickly saving session-related data for the lifetime of a web page session. However, when a browser tab is closed, but then re-opened by anybody with access to the "Recent Tabs" section of a browser, they can once again access the session data.

Is there any way to flag some session storage data as "not to be saved when the tab is restored" or should I try something else? For example, will a session cookie perform more safely in this instance?

1 answer
混吃等死
#2 · 2019-07-05 17:49

Use a Session Cookie. If you do not set the Expires or Max-Age attributes, the browser is instructed to delete the cookie once the browser has been closed. However, this only works once the entire browser window has been closed.

Cookies are scoped to the entire browser, not to individual tabs. If the browser has been closed, and then the tab is restored from history, a Session Cookie will be gone. If a tab is closed and re-opened with the browser not being closed, your session cookie will persist.

Update: The Firefox "restore session" and Chrome "Continue where I left off" features pretty much ignore the spec (RFC-2109). Bear that in mind and use at your own risk.
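
Because session-restore features can bring a session cookie back, as the update above notes, the lifetime of a session has to be enforced on the server rather than left to the browser. The following is an added example, not part of the original answer; `createSessionStore`, the cookie name `sid` and both timeout values are assumptions chosen for illustration.

```javascript
// Added example: server-side session lifetime enforcement (Node.js).
// createSessionStore, IDLE_MS, ABSOLUTE_MS and the "sid" cookie are hypothetical.
const webcrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : null);

const IDLE_MS = 15 * 60 * 1000;         // assumed idle timeout: 15 minutes
const ABSOLUTE_MS = 8 * 60 * 60 * 1000; // assumed hard cap: 8 hours

// 256-bit random identifier, hex encoded.
function newSessionId() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function createSessionStore(now = () => Date.now()) {
  const sessions = new Map(); // id -> { data, createdAt, lastSeen }

  return {
    // Issues a cookie with no Expires/Max-Age (a session cookie, as in the
    // answer). Sensitive data stays in the server-side record, not in the tab.
    create(data) {
      const id = newSessionId();
      const t = now();
      sessions.set(id, { data, createdAt: t, lastSeen: t });
      return { id, setCookie: `sid=${id}; Path=/; HttpOnly; Secure; SameSite=Lax` };
    },

    // A cookie resurrected by "restore session" is honoured only while the
    // server-side record is still inside both time limits.
    validate(id) {
      const s = sessions.get(id);
      if (!s) return null;
      const t = now();
      if (t - s.lastSeen > IDLE_MS || t - s.createdAt > ABSOLUTE_MS) {
        sessions.delete(id);
        return null;
      }
      s.lastSeen = t; // sliding idle window
      return s.data;
    },

    // Explicit logout removes the record, so a restored cookie is useless.
    destroy(id) {
      return sessions.delete(id);
    },
  };
}
```

The `now` parameter exists so the clock can be replaced when exercising the timeouts; a real deployment would back the `Map` with a shared store.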
