Open Bug 1178209 Opened 9 years ago Updated 2 years ago

LocalStorage is not always available

Categories

(Core :: DOM: Core & HTML, defect)

38 Branch
defect

UNCONFIRMED

People

(Reporter: hoffi, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150525141253

Steps to reproduce:

Our page does heavily depend on ajax-requests. To secure it against CSRF-attacks, a CSRF-Token is stored in localStorage upon login. When an ajax-request is issued, the CSRF-Token is read from localStorage and set as custom header.


Actual results:

Every once in a while, localStorage is not available via JavaScript. We have about 10.000 ajax-requests every day, about half of those coming from FF, and only about 3 per day actually fail. Typically, this works as follows:
- The user logs in, receives the CSRF-Token during login and starts working on the site.
- Some time later, several requests of the user fail for a period of a few minutes (on different pages!).
- Our error-handling does silently report the content of localStorage to the server when an ajax-request fails due to a missing CSRF-Token. The storage is always reported as empty.
- The browser then recovers after some time and the localStorage is visible again magically.

Sorry, I do not have any steps to reproduce this issue, since this is a rare occurrence.

This does only happen in FF, all other browsers are working perfectly fine.


Expected results:

The localStorage should be always available.
One more thing: Of course I implemented a fallback in case localStorage is not available or full. The CSRF-Token is stored as a cookie then. But this does not help, since the CSRF-Token is stored successfully (the script does even check this by reading the token from localStorage directly after writing it). Thus there is no fallback-cookie set.
Component: Untriaged → DOM
Product: Firefox → Core
Component: DOM → DOM: Core & HTML
Severity: normal → S3
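
The report's fallback cookie is only set when the write to localStorage fails, so it cannot help when a later read comes back empty. As an added example (not code from the reporter or from Firefox), the sketch below writes both copies at login, picks the copy at read time, and refuses to build the request headers without a token. All function names, the `csrfToken` key and the `X-CSRF-Token` header name are assumptions, and the fake storage is constructed to simulate the empty reads.

```javascript
// Storage-like fake (constructed): behaves like localStorage, but can be
// switched to "hidden" to simulate the empty reads described in the report.
function makeFakeStorage() {
  const data = new Map();
  return {
    hidden: false,
    getItem(k) { return this.hidden || !data.has(k) ? null : data.get(k); },
    setItem(k, v) { data.set(k, String(v)); },
  };
}

// primary/fallback: objects with getItem/setItem (in a browser: localStorage
// and a small wrapper around document.cookie). All names are hypothetical.
function createCsrfTokenStore(primary, fallback, key = "csrfToken") {
  const read = (backend) => {
    try { return backend.getItem(key) || null; } catch (e) { return null; }
  };
  const write = (backend, value) => {
    try { backend.setItem(key, value); return backend.getItem(key) === value; }
    catch (e) { return false; }
  };
  return {
    // Write both copies unconditionally: a successful write-and-read-back
    // on the primary says nothing about later reads.
    save(token) {
      return { primary: write(primary, token), fallback: write(fallback, token) };
    },
    // Decide the fallback at read time and report which copy was used,
    // so the server-side error log can count how often the primary is empty.
    load() {
      const fromPrimary = read(primary);
      if (fromPrimary) return { token: fromPrimary, source: "primary" };
      const fromFallback = read(fallback);
      if (fromFallback) return { token: fromFallback, source: "fallback" };
      return { token: null, source: "none" };
    },
  };
}

// Fail closed: never send a state-changing request without the token.
function csrfHeaders(store, headerName = "X-CSRF-Token") {
  const { token, source } = store.load();
  if (!token) throw new Error("CSRF token unavailable in any store");
  return { headers: { [headerName]: token }, source };
}
```
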