Mohamed-512 / Extra-Streamlit-Components

An all in one place, to find complex or just not available components by default on streamlit.
Apache License 2.0

Store Cookie Manager in Session State #57

Open Yanni8 opened 8 months ago

Yanni8 commented 8 months ago

st.session_state can be used to store persistent variables that will stay the same during reruns. The cool thing is that every user/session (a session is a browser tab in this case) has its own Session State.

You currently can't really use the Cookie Manager in shared environments.

Security Note: In shared domains such as share.streamlit.io, other web developers can have access to the cookies you set and the same goes for you. This is not to be treated as a security bug but a circumstance the developer needs to be aware of.

If I understand correctly, this is because the cookie manager stores a local copy of all cookies.

https://github.com/Mohamed-512/Extra-Streamlit-Components/blob/9bd08dc4059952dab1a95a6e0727ccd21eb6b60a/extra_streamlit_components/CookieManager/__init__.py#L19

class CookieManager:
    def __init__(self, key="init"):
        self.cookie_manager = _component_func
        self.cookies = self.cookie_manager(method="getAll", key=key, default={})

But by using Session State each user would get their own Manager → No Leaked Cookies.

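import streamlit as st
import extra_streamlit_components as stx

# Create the manager once per session and reuse it across reruns
if "cookie_manager" not in st.session_state:
    st.session_state.cookie_manager = stx.CookieManager(
        key="cookie_manager",
    )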

Am I missing something, or would this be a better approach? @Mohamed-512

CHerSun commented 8 months ago

You can't use cookies in shared environments, because cookies are tied to the domain in the user's browser (i.e. on the client side). Session state has nothing to do with that at all. A shared environment needs a way to separate cookies. See my answer to you in another issue, where you asked for a link.
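
The domain scoping described in the comment above, as an added example that is not part of the thread or of the project's code: a reduced model of RFC 6265 cookie matching (host and path only) showing that a cookie set while using one app on a shared host is also returned for another app on that host. The app paths, cookie name and value, and bob.example.com are constructed for illustration; st.session_state lives on the server and never enters this matching.

```python
# Added illustration: RFC 6265 cookie matching, reduced to host and path.
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str      # host that set the cookie (host-only cookie)
    path: str = "/"


def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookies_sent_to(url: str, jar: list[Cookie]) -> dict[str, str]:
    """Cookies the browser attaches to a request for this URL."""
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    return {c.name: c.value for c in jar
            if c.domain == host and path_match(path, c.path)}


def demo() -> dict[str, dict[str, str]]:
    # Constructed sample: two unrelated apps on one shared host, one on its own host.
    app_a = "https://share.streamlit.io/alice/app"
    app_b = "https://share.streamlit.io/bob/app"
    own = "https://bob.example.com/"
    # Cookie stored in the browser while the user was on app A.
    jar = [Cookie("token", "a-secret", "share.streamlit.io", "/")]
    return {u: cookies_sent_to(u, jar) for u in (app_a, app_b, own)}


if __name__ == "__main__":
    for url, seen in demo().items():
        print(url, "->", seen)
```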