web client: Need to clear out last patron data at end of session
Bug #1527694 reported by Kathy Lussier
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Evergreen | Fix Released | Medium | Unassigned |
Bug Description
If I walk away from web client testing for a few days or even weeks and then select the "Retrieve Last Patron" action, I will successfully retrieve the last patron record that has been accessed in my browser. This raises patron privacy concerns. The eg.circ.last_patron data should only be stored for a session so that it is no longer obtainable once staff has either logged out of the client or has been automatically logged out due to inactivity.
Changed in evergreen: status: New → Confirmed
Changed in evergreen: assignee: nobody → Erica Rohlfs (erohlfs)
Changed in evergreen: milestone: 2.next → 2.11-beta
Changed in evergreen: assignee: Erica Rohlfs (erohlfs) → nobody
Changed in evergreen: status: Fix Committed → Fix Released
Here's code to store the last retrieved patron ID in a cookie instead of localStorage so that the value can gracefully disappear when exiting the browser.
This adds a new angular-cookies dependency. (ngCookies was avoided in the 1.3 days because it was incomplete. 1.5-era ngCookies works as expected). We'll also need ngCookies for storing the auth token for similar reasons.
http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/berick/lp1527694-webstaff-clear-last-patron
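The approach described in the comment above, sketched as an added example that is not part of the original comment or of Evergreen's code: the last patron ID goes into a session cookie (no Expires or Max-Age) and is cleared explicitly at logout or inactivity timeout. It uses `document.cookie` directly rather than ngCookies; only the key name `eg.circ.last_patron` comes from the bug report, and the function names and the HTTPS-only `Secure` attribute are assumptions.

```javascript
// Added illustration, not Evergreen's code. Only the key name comes from the
// bug report; every function name here is hypothetical.
const LAST_PATRON_KEY = 'eg.circ.last_patron';
const ATTRS = '; Path=/; Secure; SameSite=Strict'; // assumes an HTTPS staff client

// No Expires or Max-Age attribute: the browser treats this as a session
// cookie and discards it when the browser session ends.
function sessionCookie(name, value) {
  return encodeURIComponent(name) + '=' + encodeURIComponent(value) + ATTRS;
}

// Max-Age=0 deletes the cookie immediately.
function expiredCookie(name) {
  return encodeURIComponent(name) + '=; Max-Age=0' + ATTRS;
}

// Look up one cookie in a document.cookie style string ("a=1; b=2").
// Returns the raw (still URL-encoded) value, or null if absent.
function readCookie(cookieString, name) {
  const wanted = encodeURIComponent(name);
  for (const pair of cookieString.split(';')) {
    const eq = pair.indexOf('=');
    if (eq !== -1 && pair.slice(0, eq).trim() === wanted) {
      return pair.slice(eq + 1).trim();
    }
  }
  return null;
}

// doc is the browser's document; legacyStorage is window.localStorage, where
// the value was kept before the switch to a cookie.
function makeLastPatronStore(doc, legacyStorage) {
  return {
    set(patronId) {
      legacyStorage.removeItem(LAST_PATRON_KEY); // purge the persistent copy
      doc.cookie = sessionCookie(LAST_PATRON_KEY, String(patronId));
    },
    get() {
      const raw = readCookie(doc.cookie, LAST_PATRON_KEY);
      // Accept only a plain numeric ID; anything else is treated as absent.
      return raw !== null && /^\d+$/.test(raw) ? Number(raw) : null;
    },
    // Call on explicit logout and on inactivity timeout.
    clear() {
      legacyStorage.removeItem(LAST_PATRON_KEY);
      doc.cookie = expiredCookie(LAST_PATRON_KEY);
    },
  };
}
```

Browsers configured to restore the previous session on startup can also restore session cookies, which is why `clear()` is wired to logout and timeout rather than relying on browser exit alone.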