防止“恢复标签”从访问会话存储 [英] Preventing "Restore Tab" from accessing Session Storage

问题描述

sessionStorage非常适合在网页会话的生命周期内轻松快速地保存与会话相关的数据。但是，当浏览器选项卡关闭，然后由任何有权访问浏览器最近选项卡部分的人重新打开时，他们可以再次访问会话数据。

sessionStorage is great for easily and quickly saving session-related data for the lifetime of a web page session. However, when a browser tab is closed, but then re-opened by anybody with access to the "Recent Tabs" section of a browser, they can once again access the session data.

有没有办法将某些会话存储数据标记为恢复选项卡时不保存或者我应该尝试其他方式？例如，会话cookie在这种情况下会更安全地执行吗？

Is there any way to flag some session storage data as "not to be saved when the tab is restored" or should I try something else? For example, will a session cookie perform more safely in this instance?

推荐答案

使用会话Cookie。如果您未设置 Expires 或 Max-Age 属性，则会指示浏览器在浏览器中删除cookie已经被关了。但是，这仅在整个浏览器窗口关闭后才有效。

Use a Session Cookie. If you do not set the Expires or Max-Age attributes, the browser is instructed to delete the cookie once the browser has been closed. However, this only works once the entire browser window has been closed.

Cookie的范围是整个浏览器，而不是单个选项卡。如果浏览器已关闭，然后从历史记录中恢复选项卡，则会话Cookie将消失。如果关闭选项卡并在浏览器未关闭的情况下重新打开，则会话cookie将保持不变。

Cookies are scoped to the entire browser, not to individual tabs. If the browser has been closed, and then the tab is restored from history, a Session Cookie will be gone. If a tab is closed and re-opened with the browser not being closed, your session cookie will persist.

更新：Firefox恢复会话和Chrome继续我离开的地方功能几乎忽略了规范（RFC-2109）。请记住并使用，风险自负。

Update: The Firefox "restore session" and Chrome "Continue where I left off" features pretty much ignore the spec (RFC-2109). Bear that in mind and use at your own risk.

这篇关于防止“恢复标签”从访问会话存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！