DataDog / browser-sdk

Datadog Browser SDK
Apache License 2.0

💡 Enforce localstorage as session storage instead of cookie #2815

Open szalonna opened 2 weeks ago

szalonna commented 2 weeks ago

Hello Datadog!

Currently RUM supports local storage as a fallback session store when the client runs in an environment which does not meet the requirements for cookie handling and allowFallbackToLocalStorage is enabled.

I would love to see an option where we can enforce local storage as the session store, independently of whether the platform is able to store a cookie or not.


Reason

As mentioned in #590 and #1346, web application security reports mark the session cookie as a low-priority finding because it is non-HttpOnly. If we, as application developers, could enforce the storage strategy, we could address these findings rather than just "ignoring" them. If the fallback strategy works as well as the cookie one, or if there are some known limitations between the two, we should be able to make this decision.


Possible implementation

BenoitZugmeyer commented 2 weeks ago

Thank you for your feedback. We'll take this into consideration!