Username or email are stored in html5 persistent storage

[udays-visa]

Describe the bug Username and/or email are stored in persistent html5 storage using localStorage construct. Localstorage items do not get destroyed when session ends or browser window gets closed. This persistent data can be used by other malicious users to potentially gain access to datahub instance. Moving data from localStorage to sessionStorage will address potential PI data violation and avoid malicious access.

To Reproduce Steps to reproduce the behavior:

1. Login with any user account
2. Open browser console and switch to application tab or where we can observe browser storage
3. Select localStorage
4. Check the value for field "__user_id"

Expected behavior Usernames or emails should not be stored in unencrypted persistent storage. Moving this data to sessionStorage which is temporary in nature will resolve potential issues.

Screenshots

Desktop (please complete the following information):

• Datahub v0.13.3
• Crome 126

[433B]

Hello! I'm interested in this topic, could I have it for myself? I have experience in this area. Additionally, this is a key assignment for one of my university courses.

[DanielVsh]

Hi @udays-visa, can i contribute there ?

[udays-visa]

yes please go ahead and raise a PR.