I have an app that is using screens that are anonymous because we will have this loan application open to the public and won't require login until the loan is approved. That said, I am using a client variable to store the customer information.

The thing is that even when I close the browser, I still have those values when I re-open the browser. How long does it stay? How do I go around this security issue?

Hi Juan,

Can you be more specific on the Client Variable Data? 

  • What kind of application are you doing? Mobile, Web or Reactive?
  • What kind of variable did you create? Local, Session or other?

Regards,

Client Variables on a Reactive Web Application

Imagine wizard-type application screens where the customer inputs information, e.g. Name, Phone, Email, etc., which is passed from one screen to another using client variables to store it. Set your screen as anonymous. Then close the browser, along with all other instances or tabs of it. Now reopen the browser, and you will still see the values. To be specific, I am using Chrome.

Hi Juan,

I suppose you're using Session Variables; you can check more information on that here:

https://success.outsystems.com/Documentation/10/Developing_an_Application/Use_Data/Sessions_in_Web_Applications

About the timeout, it's probably related to this:
"The default value for the session timeout depends on the application server:

.NET
20 minutes and this value can be configured in machine.config file;
J2EE
60 minutes and this value can be configured in /etc/.java/.systemPrefs/outsystems/prefs.xml file."

If you need to clear the session variables at some point, you can try using the Logout action, if possible, for clearing data.

Another workaround is to work with the OnBeginWebRequest in order to create some logic to clear data when needed, or a token system.

However, if you describe your problem further, I can help you.

Solution

Hi Juan,

One option you have is to use the event OnApplicationReady to initialize your client variables. So when you reopen the application it will have the cleaned values.


Tiago and Roberto, Client Variables are very similar to sessions, but they have some differences and they were introduced in the October version of the platform to Reactive and Mobile apps.

https://success.outsystems.com/Documentation/11/Reference/OutSystems_Language/Data/Handling_Data/Client_Variable


Regards

Fabio

 


Thanks Fabio.

The documentation doesn't tell much unfortunately. I wanted to know where this is being triggered. This is because I jump from one page to another and don't want to clear the client variables.


Hello Juan Carlos,


How about using an input variable, a Boolean, that would determine if a variable should be kept?

Have this variable set to True on navigate to your page, then on the OnInitialize you can check the value of the parameter and remove the input parameter from the URL (hiding the action from the user and the browser).




Hope this helps!

- Emman



Juan Carlos,

You can try this. Click the web screen, and below is an Event Handler with the options OnInitialize or OnDestroy (to clear any footprint before leaving the screen).


@John Emmanuel

Will keep that in mind.

@Michael

I am aware of those actions, but I don't want to use them to clear the values every time I go to that page. I have forward and backward actions, so those events can't be used.
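
An added example, not from any poster in this thread and not OutSystems code: plain browser JavaScript for the requirement discussed above, where stored applicant data is cleared when the application loads in a new browser session or after an idle period, but kept while moving forward and backward between screens. The key names, the 20-minute limit and the use of `localStorage` for the fields are assumptions; in an OutSystems app the reset step would set the client variables back to their defaults instead.

```javascript
// Hypothetical names throughout; sample storage below is constructed for the example.
const SESSION_MARKER = "wizard.sessionActive"; // kept in per-tab session storage
const LAST_SEEN = "wizard.lastSeen";           // kept next to the persisted fields
const IDLE_LIMIT_MS = 20 * 60 * 1000;          // assumed idle limit
const FIELD_KEYS = ["applicant.name", "applicant.phone", "applicant.email"];

// Remove every persisted applicant field and the activity timestamp.
function clearFields(persistent) {
  for (const key of FIELD_KEYS) persistent.removeItem(key);
  persistent.removeItem(LAST_SEEN);
}

// Run once when the application loads (the role OnApplicationReady has in the thread).
// Returns true when the stored data was wiped.
function resetIfNewSession(persistent, perSession, now = Date.now()) {
  // The marker is absent after the tab or browser was closed.
  const sameSession = perSession.getItem(SESSION_MARKER) === "1";
  // Some browsers restore session storage with a restored tab,
  // so an idle limit is checked as well.
  const lastSeen = Number(persistent.getItem(LAST_SEEN) || 0);
  const idleTooLong = now - lastSeen > IDLE_LIMIT_MS;
  const cleared = !sameSession || idleTooLong;
  if (cleared) clearFields(persistent);
  perSession.setItem(SESSION_MARKER, "1");
  persistent.setItem(LAST_SEEN, String(now));
  return cleared;
}

// Run on each wizard step so that normal navigation keeps the data alive.
function touch(persistent, now = Date.now()) {
  persistent.setItem(LAST_SEEN, String(now));
}

// In-memory stand-in for the browser Storage API, so the logic runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
}

// In a browser: resetIfNewSession(localStorage, sessionStorage);
```

Clearing on load only limits how long the data sits on a shared machine; anything kept in browser storage is still readable by whoever uses that browser profile before the next load.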