How should we handle synchronization between tabs?

Owned by Kurt Junghanns
Last updated: Jul 13, 2017
1 min read
Status

DECIDED

Stakeholders
Roy Meissner Klaas Andries de Graaf Kostis Pristouris Ali Khalili Soledad Valero 
OutcomeLocalStorage could (technical possible) be used with or instead of cookies, but the security issue we have with cookies is too small atm. Thus no changes of the code needed.
Due date
Owner
Kurt Junghanns 

Background

SWIK-488 - Getting issue details... STATUS  already mentioned the problems:

Because we are using cookies for saving user data and the jwt, browser tabs are not synchronized. E.g. having two tabs where a user is logged in, logging out in one then the other is still able to use the platform until the page gets refreshed.
Specific the service authentication token and user data could be different between tabs.

We have to check if another technology is more suitable and should be used with or instead of cookies.

Cookies:

Pros:
  • Works well with one page and isomorphic webapp
  • Is send with every request to the server automatically
Cons:
  • Problems with multiple tabs in browser
  • Are just updated if their lifetime is over or the page gets refreshed
  • We need atm two to three libraries to handle them

LocalStorage:

Pros:
  • Browser tabs are sharing the data synchronously  - an observer could be used to handle changes in all tabs
  • No library needed
Cons:
  • Is not part of the flux flow as it only works on the client
  • Lifetime have to be added and checked manually
  • Requests have to be enriched manually for synchronization with server

Action items

  •