Usage documentation

[PVince81]

I tried to infer usage from the source code but it isn't as straightforward.

Would be good to add some usage examples in the README for volatile and persistent, and maybe best practices.

[ChristophWurst]

Yep, sorry. There is also no online docs right now. I ran out of time with this one, but you should find some infos at #1.

[PVince81]

Quick notes:

import { getBuilder } from '@nextcloud/browser-storage'

// browser storage, clears after the browser is closed (uses sessionStorage internally)
browserStorage = getBuilder('appname').build()

// survives page changes and stays after log out (uses localStorage internally)
persistentStorage = getBuilder('appname').persist().build()

// survives page changes but clears after logging out (uses localStorage internally)
userSessionStorage = getBuilder('appname').clearOnLogout().build()

// same as `clearOnLogout()` alone ??
userSessionStorage2 = getBuilder('appname').persist().clearOnLogout().build()

@ChristophWurst can you clarify if I got it right ?

we could also use the proposed naming in the code

[PVince81]

• mention how one needs to explicitly call clear() whenever a user logs out (this module cannot detect this on its own) for the clearOnLogout() logic to be effective

[ChristophWurst]

* mention how one needs to explicitly call `clear()` whenever a user logs out (this module cannot detect this on its own) for the `clearOnLogout()` logic to be effective

The original idea was to include this package in the server and call the clear there as one central code to do this. It's not intended for the app to deal with this.

[ChristophWurst]

clears after a page refresh (uses sessionStorage internally)

⚠️ https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage

A page session lasts as long as the browser is open, and survives over page reloads and restores.

[PVince81]

ah yes, it's only if you change the URL.
I also noticed in that past that if you "open a new tab" from that tab, it also preserves the storage there

[PVince81]

adjusted to "// browser storage, clears after the browser is closed (uses sessionStorage internally)"

[PVince81]

I just discovered that all of localStorage gets cleared on logout (given that "clear=1" is passed and it is when using the top right menu): https://github.com/nextcloud/server/blob/master/core/src/login.js#L34

so even when using "persist()"

[MorrisJobke]

I just discovered that all of localStorage gets cleared on logout (given that "clear=1" is passed and it is when using the top right menu): https://github.com/nextcloud/server/blob/master/core/src/login.js#L34

Was on purpose, because CardDav/Caldav stuff was cached in there and thus needs to be cleaned as it would otherwise leak personal data. At least that is what I remember ... Was done by @georgehrke

[nickvergessen]

So let's switch that to session storage if the data should not survive?!

[ChristophWurst]

So let's switch that to session storage if the data should not survive?!

⚠️ there is no semantics of logout for sessions storage. as long as you don't close the browser the session storage remains. so if you log into nc on someone else's computer, then log out, they will still have access to the sensitive data.

[nickvergessen]

Well sure, but at least browser storage is even more wrong for sensitive data

[ChristophWurst]

Of course