Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

sessionStorage in iframe

I'm going to have several iframes on my page and I'm going to quite intensively use sessionStorage inside them. What I'm curious about is if I will have separate storages or one shared for all iframes? How do the size limits apply?

like image 207
strannik Avatar asked Aug 27 '15 11:08

strannik


People also ask

Is sessionStorage shared between iframes?

The sessionStorage exists only within the current browser tab. Another tab with the same page will have a different storage. But it is shared between iframes in the same tab (assuming they come from the same origin).

Can iframe access parent localStorage?

localstorage is a property of the domain So on the parent, the execution window page is from fiddle.jshell.net and the iframe is from jsfiddle.net , as per your hardcoded iframe src - they are different domains and can't access each other's localstrage.

Does session storage persist across subdomains?

Way to Solution That's because localstorage doesn't support sharing the storage across subdomains or even domain. Thus, if you have something stored at a.example.com it won't be accessible from example.com or b.example.com.


2 Answers

If sessionStorage is shared depends on the iframe's page and it's origin, which is the domain part of the URL. If you have a webpage at http://myserver/test.html and it is including http://thatserver/some.html via an iframe, the iframe's page has the domain thatserver. Thus the origin differs and the sessionStorage won't be shared. But if the iframe's page is http://myserver/some.html it has the same origin and therefore will share the same session storage.

Now there is an additional trick: The sandbox attribute for the iframe. If you write <iframe sandbox> without the value allow-same-origin the content of the iframe gets a unique origin. That means it would get a different sessionStorage regardless of the real origin that page has. You can write <iframe sandbox="allow-same-origin"> to sandbox the content AND let the content of the iframe to have the same origin (but only if if does have the real same origin).

Now special notes: sandboxed iframes won't support localStorage per spec. And in webkit-browsers and mozilla firefox an exception will be thrown if the sandboxed iframe content will try to access sessionStorage.

like image 110
Krassmus Avatar answered Nov 13 '22 21:11

Krassmus


OK, I've made a test myself. At least in Chrome (44) and Firefox (40) the sessionStorage is shared among page and the iframes included if they are of the same domain and do not if they are of different domains.

like image 37
strannik Avatar answered Nov 13 '22 21:11

strannik