|
|
|
|
|
|
by franky47
2088 days ago
|
|
|
Another interesting approach is the one used in ProtonMail, using the SessionVars trick by Thomas Frank. It combines in-memory storage for XSS safety, and a combination of SessionStorage and `window.name` to split the token into secret random parts, each taking its separate channel, to ensure the token survives a page reload. I wrote about the details on how it works [1] and packed a TypeScript implementation on NPM [2]. [1] https://francoisbest.com/posts/2019/how-to-store-e2ee-keys-i... [2] https://github.com/47ng/session-keystore |
|
|