yaseenkadir
commented
5 years ago Looks like ProtonMail uses a form of sessionStorage but only writes to it when leaving and reads back from it when loading the page and clears it to minimize the time it's in session storage. See https://github.com/ProtonMail/WebClient/blob/5e51ac24ba7a24a330544c0bc943cb721d2d8bc0/src/app/commons/services/secureSessionStorage.js
They also do a trick to write to window.name and sessionStorage. We may just be able to copy their API and use it in our project. If it's easy enough we should just do that, but if not persisting to sessionStorage on unload and clearing when loading may be good enough for our MVP and will get us 80% there with 20% of the effort.
If you refresh the page you have to re-enter your passphrase. This sucks. We should persist it in sessionStorage.
We will figure out later what the appropriate amount of time to leave it in session storage is.