Same encrypted value can be decrypted by the same browser on incognito window

sushinpv / react-secure-storage

This is a wrapper written above local storage to write the data securely to local storage

https://npmjs.com/package/react-secure-storage

MIT License

126 stars 12 forks source link

Same encrypted value can be decrypted by the same browser on incognito window #47

Closed andresliu-p202 closed 2 months ago

andresliu-p202 commented 3 months ago

I'm trying on chrome vs incognito chrome window and am able to copy and paste values between each other and they are getting decrypted and read successfully on both sides. Other browsers and cross-browsers do seem to work for me though.

Am I doing something wrong or is this the expected behavior? I think even if it's the same browser app if it's different tabs or windows it should not be able to decrypt it.

sushinpv commented 2 months ago

Hi This is expected behavior as of now!

To block this for different tabs or windows is won't be a good option, as most of the users are storing this data to the local Storage to read the again after the full session clear and when the browser relaunches again!