Docs should mention if you manually set window.webln, you should listen to the onDisconnected event and remove it from the window

[nostrband]

If I save the provider in (i.e. in window.webln) and client disconnects the wallet I can still pay with saved window.webln, tested with Alby connection. This shouldn't happen, if client clicks disconnect then there should be no way for the app to access the wallet.

[rolznz]

I would be happy for a PR for this if you know a good solution. Would it just be deleting webln from the window object?

[nostrband]

I guess the provider could start throwing exceptions on all access methods?

[rolznz]

But how do we tell the provider to do that? Maybe we could propose a disable method in webln https://www.webln.guide/building-lightning-apps/webln-reference

[nostrband]

I was talking about Alby NWC connection, it's probably harder to do when BC just wraps the existing webln provider.

[rolznz]

@nostrband do you use Bitcoin Connect v3? by default it will not set window.webln. If you decide to set it yourself, then you must also delete it when the user disconnects their wallet

[nostrband]

Yeah I'm using v3 and I'm clearing window.webln after disconnect

[rolznz]

@nostrband so is there anything we can do here? or should we update the docs so it's clear if you set window.webln you should also listen to the disconnected event and delete window.webln?

[nostrband]

Hmm ok maybe it should be the app's job to react to disconnect properly. Especially given that if you're just forwarding the existing webln provider then it's harder to make it get "disconnected" if app saves a reference to it and doesn't react to disconnect properly.

I guess onConnected docs could state that this provider object may still be usable even after user clicks "disconnect" so app should react to onDisconnected properly.

[rolznz]

Thanks @nostrband for the clarification.