Hi, I am interested to know how session variables are accessed/used in Reactive web application? What I can see is "Client Variables" instead. Please explain the client variables.
Hi Waqas,
To say it short Client variables are to the front end (browser) what session variables are to the server.
You cannot access session variables directly in screen actions or client actions of reactive web applications.
You would need to write a server action and use that in a Data action on your screen.
Client variables are stored in locally in the browser.
Here is the official client variables documentation.
Regards,
Daniel
Hi Daniel,
May i clarify what you do you mean by that?
if you could point me to some reference / sample code implementation i would be most grateful
I would like to store some form data in a Reactive Web App that are sensitive hence unable to store in local storage (or client variables). Many thanks
@Daniël Kuhlmann
In addition to what Daniel replied, I just want to add few things to answer your question on accessing session variables.
In reactive application most of the logic is run on the client side and this reduces the traffic between client and server and thus improving the performance of the applications.
So it makes sense that client maintains these variables that are valid during his session.
Hence client variables are nothing but session variables in reactive applications except that they are stored in client side rather than server side.
As per the documentation, Client Variables reset to their default values when the user signs out of the app or when the platform signs out the user automatically. However, do not use Client Variables to store sensitive or confidential information.
Thanks
Ravi
Ravi Vakkalanka wrote:
In reactive web app, session variables are still very important to store private/sensitive data on the server side, especially when they need to be cached per the session.
Why exactly it is not recommended use Client Variables to store sensitive or confidential information? How they can be accessed?
Refer to this for better understanding
https://success.outsystems.com/Documentation/Best_Practices/Security/Reactive_web_security_best_practices
With Regards,
Sandeep.
Hi Mykola,
Client Variable will be stored in the client-side, directly in the browser local storage. Any javascript code could access and change this information including the devloper inspector tools in almost all browsers. If you need to store confidential/sensitive information in client variables, you should encrypt the data to make sure you are not exposing them.
Regards
Fabio Fantato
Fábio Fantato wrote:
So saving sensitive data in local storage entities is also not secure, right? I mean in case when we need to store say API key - we should encrypt it and then can save it in local storage? or in this case it is better retrieve it every time from the server?
Hi Wakas,
If tou need, you can get this Clients variables in real time using this component as an example.
Regards.