AWS Cognito: tokens automatically get stored in local storage. How to save them in session storage instead?

I am using AWS Amplify / AWS Cognito for my web app. It would automatically put tokens in the browser's localStorage. This is the expected behavior of the SDKs. It adds the tokens to local storage so the user can use the app without logging in again after the session is closed and then restarted.

However, in my strange user scenario, I have to make my web app such that when the user closes the browser and re-opens it, the user must sign in again.

So instead of having the tokens saved in localStorage, I need to save them in sessionStorage of web browser.

How to do it nicely?

Titian answered 7/3, 2022 at 14:25 Comment(0)

This can be accomplished by passing window.sessionStorage into your auth configuration.

import { Auth } from 'aws-amplify';
Auth.configure({ storage: window.sessionStorage })
Influence answered 7/3, 2022 at 17:16 Comment(3)
It was now easily accessible to anyone, how can I simply remove these credentials as I don't want anyone to misuse this data? - Carburize
@KimiRaikkonen9790 Well, for one, session and local storage are restricted to the same origin (that is, scheme + domain + port); it is more restrictive than cookies are by default. Second, if you are in a position where you cannot trust users with their own credentials, you really need to rethink your access controls. If instead you want to control what claims are present in the token, consider disabling them in the Cognito client config or modifying them with a pre token generation handler. - Influence
Hi, did this fix solve your requirement "I have to make my web app such that when the user closes the browser and re-opens it, the user must sign in again."? Since sessionStorage is tab specific, I don't think the app will still be in a logged-in state if you open the URL in a new tab or close/open the current tab. Appreciate your response. - Sugden
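
Added example (not part of the answer above and not Amplify's own code): switching `storage` to sessionStorage leaves any tokens that an earlier localStorage-based build already wrote in place, so this sketch finds and removes them at startup. It assumes the `CognitoIdentityServiceProvider.` key prefix written by amazon-cognito-identity-js; `MemoryStorage`, `cognitoKeys`, `purgeCognitoKeys`, `demo` and the sample keys are constructed for illustration.

```javascript
// MemoryStorage is a constructed stand-in for window.localStorage /
// window.sessionStorage so this file also runs under Node.
class MemoryStorage {
  constructor(entries = {}) { this.map = new Map(Object.entries(entries)); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
  clear() { this.map.clear(); }
}

// Key prefix that amazon-cognito-identity-js (used by Amplify Auth) writes under.
const COGNITO_PREFIX = 'CognitoIdentityServiceProvider.';

// List Cognito keys in a Storage-like object without reading the token values.
function cognitoKeys(storage) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k !== null && k.startsWith(COGNITO_PREFIX)) keys.push(k);
  }
  return keys;
}

// Remove tokens left behind by a previous localStorage-based configuration.
// Keys are collected first: removing while indexing would skip entries.
function purgeCognitoKeys(storage) {
  const keys = cognitoKeys(storage);
  keys.forEach((k) => storage.removeItem(k));
  return keys.length;
}

// Constructed sample: a browser profile that ran the old configuration.
function demo() {
  const local = new MemoryStorage({
    'CognitoIdentityServiceProvider.exampleClientId.alice.idToken': 'x.y.z',
    'CognitoIdentityServiceProvider.exampleClientId.alice.refreshToken': 'r',
    'CognitoIdentityServiceProvider.exampleClientId.LastAuthUser': 'alice',
    theme: 'dark', // unrelated application data must survive the purge
  });
  const session = new MemoryStorage();
  const removed = purgeCognitoKeys(local);
  // With storage set to sessionStorage, the SDK writes its keys here instead.
  session.setItem('CognitoIdentityServiceProvider.exampleClientId.alice.idToken', 'x.y.z');
  return { removed, leftInLocal: cognitoKeys(local), inSession: cognitoKeys(session),
           theme: local.getItem('theme') };
}
```

In the browser, call `purgeCognitoKeys(window.localStorage)` once at startup, before the `Auth.configure` call, and use `cognitoKeys(window.localStorage).length === 0` as a regression check.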
