How to secure local storage and clear it on browser close in ember-simple-auth?

1
votes

I am using ember-simple-auth for authentication in my ember-cli application. It seems that ember-simple-auth is storing the session in local storage which doesn't seem to be secure.

I have following two questions:

  1. I can see the session data and also able to modify it. How do I secure this session data?
  2. How do I clear this storage on browser close? My session and it's data are still active after I close and reopen the browser.

Thanks.

1
ember.jsember-cliember-simple-auth

1 Answers

5
votes

1) you cannot "secure" that data. You could encrypt it but that would be pointless as the encryption/decryption code would be open to the user as is all the other JS code of your app 2) if you don't want the session to be persisted you could either use the ephemeral store (in that case the session wouldn't survive a page reload though and you'd lose tab/window synchronization) or you could use the cookie based store which uses a session cookie by default that's deleted when the browser is closed.