I have an app that is using screens that are anonymous because we will have this loan application open to public and won't require login until the loan is approved. That said, I am using client variable to store the customer information.
The thing is that even when I close the browser, I still have those values when I re-open the browser. How long does it stay? How do I go around this security issue?
Hi Juan,
One option you have is to use the event OnApplicationReady to initialize your client variables. So when you reopen the application it will have the cleaned values.
Tiago and Roberto, Client Variables are very similar to sessions, but they have some differences and they were introduced in the October version of the platform to Reactive and Mobile apps.
https://success.outsystems.com/Documentation/11/Reference/OutSystems_Language/Data/Handling_Data/Client_Variable
Regards
Fabio
Fábio Fantato wrote:
Thanks Fabio.
The documentation doesn't tell much unfortunately. I wanted to know where this is being triggered. This is because I jump from one page to another and don't want to clear the client variables.
Can you be more specific on the Client Variable Data?
Regards,
Client Variables on a Reactive Web Application
Imagine a wizard type application screens where customer inputs information e.g. Name, Phone, Email, etc. being passed from one screen to another using client variables to store it. Put your screen as anonymous. Then close the browser with all other instances or tabs of it. Now, reopen the browser, you will still see the values. To be specific, I am using chrome.
I suppose you're using Session Variables, you can check more information on that here:
https://success.outsystems.com/Documentation/10/Developing_an_Application/Use_Data/Sessions_in_Web_Applications
About the timeout, it's probably related to this:"The default value for the session timeout depends on the application server:
machine.config
/etc/.java/.systemPrefs/outsystems/prefs.xml
If you need to clear the session variables at some point, you can try using the Logout action if posible for clearing data.
Another workaround you can find is to work with the OnBeginWebRequest in order to create some logic to clear data when need or a token system.
However, if you describe your problem further, I can help you
Hello Juan Carlos,
How about using an input variable, a Boolean, that would determine if a variable should be kept?
Have this variable set to True on navigate to your page, then on the OnInitialize you can check the value of the parameter and remove the input parameter from the URL (hiding the action from the user and the browser).
Hope this helps!
- Emman
Juan Carlos Elorde wrote:
Juan Carlos,
You can try this. Click the webscreen and below is an Event Handler with options OnInitialize or OnDestroy(to clear any footprint(before leaving the screen)
@John Emmanuel
Will keep that in mind.
@Michael
I am aware of that actions but I don't want to use them to clear the values every time I go to that page. I have forward and backward actions so those events can't be used.