Created
October 24, 2019 20:55
-
-
Save wildhart/a6a4180e3dda45977c9cc210c2b19c47 to your computer and use it in GitHub Desktop.
monkey patch Meteor.Accounts to store login token in sessionStoage instead of localStorage
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // monkey patch Meteor.Accounts to store login token in sessionStoage instead of localStorage | |
| // https://forums.meteor.com/t/security-dont-store-tokens-in-localstorage/50539/13 | |
| // original code: https://github.com/meteor/meteor/blob/af26e8b052a5135033e561cf4e4347eee585ab3b/packages/accounts-base/accounts_client.js#L477 | |
| Accounts._storeLoginToken = function(userId, token, tokenExpires) { | |
| Meteor._localStorage.setItem(this.USER_ID_KEY, userId); | |
| sessionStorage.setItem(this.LOGIN_TOKEN_KEY, token); | |
| if (! tokenExpires) | |
| tokenExpires = this._tokenExpiration(new Date()); | |
| Meteor._localStorage.setItem(this.LOGIN_TOKEN_EXPIRES_KEY, tokenExpires); | |
| // to ensure that the localstorage poller doesn't end up trying to | |
| // connect a second time | |
| this._lastLoginTokenWhenPolled = token; | |
| }; | |
| Accounts._unstoreLoginToken = function() { | |
| Meteor._localStorage.removeItem(this.USER_ID_KEY); | |
| sessionStorage.removeItem(this.LOGIN_TOKEN_KEY); | |
| Meteor._localStorage.removeItem(this.LOGIN_TOKEN_EXPIRES_KEY); | |
| // to ensure that the localstorage poller doesn't end up trying to | |
| // connect a second time | |
| this._lastLoginTokenWhenPolled = null; | |
| }; | |
| // This is private, but it is exported for now because it is used by a | |
| // test in accounts-password. | |
| Accounts._storedLoginToken = function() { | |
| return sessionStorage.getItem(this.LOGIN_TOKEN_KEY); | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment