javascript - how to set token in session storage for one hour? - Stack Overflow

admin管理员组

文章数量:1023213

Here I have token I store this token sessionStorage (see below code). Now I want to set this token for 60 minutes in sessionstorage after 60 minutes automatically I want to expire this token, how to possible this is ?

let value = 'eyJpc3MiOiJodHRwczovL2FwaS5kYXRhdmlwZXIuaW8vYXBpL2xvZ2l
             uIiwiaWF0IjoxNTY1Njc4NjczLCJleHAiOjE1NjU2OD';

sessionStorage.setItem('token', value);

Here I have token I store this token sessionStorage (see below code). Now I want to set this token for 60 minutes in sessionstorage after 60 minutes automatically I want to expire this token, how to possible this is ?

let value = 'eyJpc3MiOiJodHRwczovL2FwaS5kYXRhdmlwZXIuaW8vYXBpL2xvZ2l
             uIiwiaWF0IjoxNTY1Njc4NjczLCJleHAiOjE1NjU2OD';

sessionStorage.setItem('token', value);

• javascript
• session-storage

Share Improve this question Follow asked Aug 13, 2019 at 6:55 DharmeshDharmesh 6,0231818 gold badges4949 silver badges6767 bronze badges 5

• No, sessionStorage is meant to keep values for the current session, it doesn't allow any expiration like cookies do, if you want to handle that, you need to do that manually. – briosheje Commented Aug 13, 2019 at 6:57
• @briosheje how it is possible to manage manually – Dharmesh Commented Aug 13, 2019 at 6:58
• It's arguably not a safe solution if it involves authentication or whatever, since session storage can easily be altered, but you may define a function that stores in the session storage the token and the expiration date and time. According to your need, then, you may check upon an event through another function whether: 1) there is a token. 2) whether it's expired. If it's expired, remove both. – briosheje Commented Aug 13, 2019 at 6:59
• @briosheje can you explain with example or answer so understand easily – Dharmesh Commented Aug 13, 2019 at 7:07
• Isn't SessionStorage still vulnerable to cross-site scripting attacks? Storing sensative information like Auth tokens and API keys is not remended. – sidnc86 Commented Mar 29, 2021 at 6:06

Add a ment  | 

2 Answers 2

Sorted by: Reset to default 1

Session storage is not expected to persist across sessions by design.

sessionStorage is similar to localStorage; the only difference is while data stored in localStorage has no expiration time, data stored in sessionStorage gets cleared when the page session ends. A page session lasts for as long as the browser is open and survives over page reloads and restores.

If you still want any stored value in the session storage to expire before the session expires, you will need to save the expiry time in the value and check for expiration through your own function.

Here is a simplified example:

sessionStorage.setItem('key', JSON.stringify({exp: new Date() + 5, data: data}));   //A value meant to expire in 5 minutes


function checkExpired() {

    var exp = sessionStorage.getITem('exp');

    if (exp > new Date())
       console.log('expired');
}

This example is just as good to demonstrate the method. You will have to take security precautions if want to make critical decisions based on the stored values.

Manually, you can do as below:

// Get from the session and validate for each reload or any event.
function validateSession() {
  let seassionVal = sessionStorage.getItem('seassionObj');
  if (seassionVal !== null) {
    let sessionObj = JSON.parse(seassionVal);
    let expiredAt = new Date(value.expiredAt);
    if (expiredAt > new Date()) { // Validate expiry date.
      return sessionObj.value;
    } else {
      sessionStorage.removeItem(key);
    }
  }
    return null;
}

// Set session function
function setToSession(value, inMin) {
  let expiredAt = new Date(new Date().getTime() + (60000 * inMin));
  let obj = {
    value: value,
    expiredAt: expiredAt.toISOString()
  }
  sessionStorage.setItem('seassionObj', JSON.stringify(obj));
}

Hope this help!

Here I have token I store this token sessionStorage (see below code). Now I want to set this token for 60 minutes in sessionstorage after 60 minutes automatically I want to expire this token, how to possible this is ?

let value = 'eyJpc3MiOiJodHRwczovL2FwaS5kYXRhdmlwZXIuaW8vYXBpL2xvZ2l
             uIiwiaWF0IjoxNTY1Njc4NjczLCJleHAiOjE1NjU2OD';

sessionStorage.setItem('token', value);

Here I have token I store this token sessionStorage (see below code). Now I want to set this token for 60 minutes in sessionstorage after 60 minutes automatically I want to expire this token, how to possible this is ?

let value = 'eyJpc3MiOiJodHRwczovL2FwaS5kYXRhdmlwZXIuaW8vYXBpL2xvZ2l
             uIiwiaWF0IjoxNTY1Njc4NjczLCJleHAiOjE1NjU2OD';

sessionStorage.setItem('token', value);

• javascript
• session-storage

Share Improve this question Follow asked Aug 13, 2019 at 6:55 DharmeshDharmesh 6,0231818 gold badges4949 silver badges6767 bronze badges 5

• No, sessionStorage is meant to keep values for the current session, it doesn't allow any expiration like cookies do, if you want to handle that, you need to do that manually. – briosheje Commented Aug 13, 2019 at 6:57
• @briosheje how it is possible to manage manually – Dharmesh Commented Aug 13, 2019 at 6:58
• It's arguably not a safe solution if it involves authentication or whatever, since session storage can easily be altered, but you may define a function that stores in the session storage the token and the expiration date and time. According to your need, then, you may check upon an event through another function whether: 1) there is a token. 2) whether it's expired. If it's expired, remove both. – briosheje Commented Aug 13, 2019 at 6:59
• @briosheje can you explain with example or answer so understand easily – Dharmesh Commented Aug 13, 2019 at 7:07
• Isn't SessionStorage still vulnerable to cross-site scripting attacks? Storing sensative information like Auth tokens and API keys is not remended. – sidnc86 Commented Mar 29, 2021 at 6:06

Add a ment  | 

2 Answers 2

Sorted by: Reset to default 1

Session storage is not expected to persist across sessions by design.

sessionStorage is similar to localStorage; the only difference is while data stored in localStorage has no expiration time, data stored in sessionStorage gets cleared when the page session ends. A page session lasts for as long as the browser is open and survives over page reloads and restores.

If you still want any stored value in the session storage to expire before the session expires, you will need to save the expiry time in the value and check for expiration through your own function.

Here is a simplified example:

sessionStorage.setItem('key', JSON.stringify({exp: new Date() + 5, data: data}));   //A value meant to expire in 5 minutes


function checkExpired() {

    var exp = sessionStorage.getITem('exp');

    if (exp > new Date())
       console.log('expired');
}

This example is just as good to demonstrate the method. You will have to take security precautions if want to make critical decisions based on the stored values.

Manually, you can do as below:

// Get from the session and validate for each reload or any event.
function validateSession() {
  let seassionVal = sessionStorage.getItem('seassionObj');
  if (seassionVal !== null) {
    let sessionObj = JSON.parse(seassionVal);
    let expiredAt = new Date(value.expiredAt);
    if (expiredAt > new Date()) { // Validate expiry date.
      return sessionObj.value;
    } else {
      sessionStorage.removeItem(key);
    }
  }
    return null;
}

// Set session function
function setToSession(value, inMin) {
  let expiredAt = new Date(new Date().getTime() + (60000 * inMin));
  let obj = {
    value: value,
    expiredAt: expiredAt.toISOString()
  }
  sessionStorage.setItem('seassionObj', JSON.stringify(obj));
}

Hope this help!

本文标签： javascripthow to set token in session storage for one hourStack Overflow