Local Storage for session keys

[BramDevlaminck]

At this moment each browser has 1 session key that is stored in the localStorage. The problem with this is that when we are using websockets and you are using multiple tabs (in the same browser). All these tabs are "fighting" for a session key and this creates conflicts (the keys will be used multiple times or an invalid key is used).

The solution seems to use sessionStorage. This way each tab would have his own session key.
The problem with this is that the key is lost when the tab is closed and this would make the auto sign-in impossible.

Has anyone any idea how we could fix this?

[Mouwrice]

We might have to make a separation of keys.

1. We have a loginKey that we store in persistent localStorage that is valid for multiple days to stay logged in in your browser.
2. We store the current sessionKey in sessionStorage so we can make multiple requests per tab. This key should then only have a lifetime of say 5 minutes. Because of the short lifespan we no longer need to remove the key after it's request has been handled so that we can perform multiple requests at the same time using the same key.

Yes it would require some work, but it seems like there is no way going around it.

[BramDevlaminck]

Good question. 5 minutes might be too tight. I guess that 3 hours (like Ufora does) is reasonable?

I'm not sure tho wat exactly will happen when the key expires. My guess is there will be an 'unauthorized' error

[Mouwrice]

If the sessionkey expires we could use the loginkey to request a new one i suppose

[BramDevlaminck]

won't this give the exact same problem when you don't touch a bunch of tabs for quite some time and then they all need a new key using that sessionKey from the localStorage?

[HuanYu-Tan]

I have another question in regards to the loginKey will it refresh when you make a request or is it only valid till x?

[BramDevlaminck]

I think this would still update? This has not given any problems so far, but we should think about this because this could give problems when using a really slow internet connection. In that case I think it would be possible to send 2 requests with that same key.

I don't know if this is "bad" because the login will just fail, you can try again immediately and this should fix itself once you are finally logged in with the first tab. Or am I wrong thinking this?

[BramDevlaminck]

We will use another way to solve this than what is described here, see #402