Open
Bug 1178209
Opened 9 years ago
Updated 2 years ago
LocalStorage is not always available
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: hoffi, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 Build ID: 20150525141253 Steps to reproduce: Our page does heavily depend on ajax-requests. To secure it against CSRF-attacks, a CSRF-Token is stored in localStorage upon login. When an ajax-request is issued, the CSRF-Token is read from localStorage and set as custom header. Actual results: Once every while, localStorage is not available via javascript. We have about 10.000 ajax-requests every day, about half of those coming from FF and only about 3 per day do actually fail. Typically, this works as follows: - The user logs in, receives the CSRF-Token during login and starts working on the site. - Some time later, several requests of the user fail for a period of a few minutes (on different pages!). - Our error-handling does silently report the content of localStorage to the server when an ajax-request fails due to a missing CSRF-Token. The storage is always reported as empty. - The browser then recovers after some time and the localStorage is visible again magically. Sorry, I do not have any steps to reproduce this issue, since this is a rare occurrence. This does only happen in FF, all other browsers are working perfectly fine. Expected results: The localStorage should be always available.
One more thing: Of course I implemented a fallback in case localStorage is not available or full. The CSRF-Token is stored as a cookie then. But this does not help, since the CSRF-Token is stored successfully (the script does even check this by reading the token from localStorage directly after writing it). Thus there is no fallback-cookie set.
Updated•9 years ago
|
Component: Untriaged → DOM
Product: Firefox → Core
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•