bugzilla.mozilla.org will be intermittently unavailable on Saturday, March 24th, from 16:00 until 20:00 UTC.

LocalStorage is not always available




3 years ago
3 years ago


(Reporter: hoffi, Unassigned)


38 Branch

Firefox Tracking Flags

(Not tracked)




3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150525141253

Steps to reproduce:

Our page does heavily depend on ajax-requests. To secure it against CSRF-attacks, a CSRF-Token is stored in localStorage upon login. When an ajax-request is issued, the CSRF-Token is read from localStorage and set as custom header.

Actual results:

Once every while, localStorage is not available via javascript. We have about 10.000 ajax-requests every day, about half of those coming from FF and only about 3 per day do actually fail. Typically, this works as follows:
- The user logs in, receives the CSRF-Token during login and starts working on the site.
- Some time later, several requests of the user fail for a period of a few minutes (on different pages!).
- Our error-handling does silently report the content of localStorage to the server when an ajax-request fails due to a missing CSRF-Token. The storage is always reported as empty.
- The browser then recovers after some time and the localStorage is visible again magically.

Sorry, I do not have any steps to reproduce this issue, since this is a rare occurrence.

This does only happen in FF, all other browsers are working perfectly fine.

Expected results:

The localStorage should be always available.

Comment 1

3 years ago
One more thing: Of course I implemented a fallback in case localStorage is not available or full. The CSRF-Token is stored as a cookie then. But this does not help, since the CSRF-Token is stored successfully (the script does even check this by reading the token from localStorage directly after writing it). Thus there is no fallback-cookie set.


3 years ago
Component: Untriaged → DOM
Product: Firefox → Core
You need to log in before you can comment on or make changes to this bug.