cookies are not shared between extension and dialog

[tjallingt]

I would expect the extension and the dialogs that it is displaying to share the same cookies (cookiejar?), but it appears that this is not the case. Is this correct? This makes authorizing and tracking users of extensions very difficult.

[Kovner]

Good catch. We will investigate.

[tjallingt]

Just to be a bit more explicit/helpful I made anextension that reproduces this behaviour to illustrate what (i think) needs to change.

You can find it here: https://github.com/tjallingt/extension-cookie-repro

This extension creates a session id, stores it in the cookie and stores the timestamp when it was first loaded in the session. If you open a dialog (configure or by clicking the button) it will display a different timestamp, indicating that the cookie was lost when opening this new window.

The expected behaviour would be that both the main extension and the dialog created by the extension would display the same timestamp (and thus share their cookies).

Reloading the extension currently also refreshes the cookie. I'm not sure what the desired behaviour should be there but this doesn't seem wrong to me.

All of this is complicated by the fact that this needs to work on Tableau server (where i assume you use Iframes), I did not test any of this on Tableau server so I'm not sure how the behaves there...

Hope this helps ❤️

[craigbloodworth]

I'd say this is expected behaviour for Desktop? There's no local persistent storage other then the workbook XML but that's OK because one workbook = one user. Can't you just use:

tableau.extensions.settings.set();
tableau.extensions.settings.saveAsync();

to store the session info in Desktop?

That method won't work in Server as most server users won't be editing the workbook, they'll just be using the extension. In that case you can use cookies as the browser is responsible for everything and just use the variable: tableau.extensions.environment.context to detect if the workbook is being run in Server or Desktop

[tjallingt]

@craigbloodworth thanks for your suggestion 👍

I'm using cookies to prevent users from accessing parts of my extension so just storing user data in the settings is not enough (because my server needs to know what a user is and isn't allowed to do/see). Additionally I would not recommend storing user data in settings as it will remain stored inside the workbook even if a different user opens the workbook. Settings are really great at storing configuration for an extension, not so much for storing user specific data.

To illustrate why I think this is unexpected/inconsistent behaviour we need to think in terms of Tableau server/web browsers: Currently opening a dialog is behaving as if I opened a new incognito tab in a webbrowser; every new tab gets its own set of cookies. For (most) webbrowsers incognito tabs are not the default because users expect to be able to open a new tab and still be logged in... Additionally as you say yourself using cookies in this way works on Tableau server (as there it uses plain iframes which do share their cookies) Lastly cookies are already stored; reloading/navigating inside an extension window retains cookies and "just works"™ but extension windows do not share cookies with eachother and dialogs seem to be coded as independent extensions (except for their settings).

I could fix this by storing a token and adding that as a query parameter whenever they open a dialog but cookies are meant to solve this exact problem so I'd like to just be able to use them 😕.

[johnDance]

@tjallingt - This work has been done, but needs to get into the release pipeline. The plan is for it to be part of 2020.4. When released, non-persistent cookies and localstorage will be available to extensions. They will be accessible to extensions from the same domain, as they are on server. They will persist as long as Tableau is running. When Tableau is terminated, the cookies & localstorage will be cleared.