What are the options for storing session strings securely in a non-custodian way?
WARNING
LocalStorage is used for illustrative purposes here and may not be best for your app, as there are a number of known issues with storing secret material in browser storage. The session string allows anyone with access to that string to make writes for that user for the time and resources that session is valid for. How that session string is stored and managed is the responsibility of the application.
```typescript
// An updated version of loadSession(...) using localStorage
const loadSession = async (authMethod: AuthMethod, resources: Array<string>): Promise<DIDSession> => {
  const sessionStr = localStorage.getItem('didsession')
  let session
  if (sessionStr) {
    session = await DIDSession.fromSession(sessionStr)
  }
  if (!session || (session.hasSession && session.isExpired)) {
    session = await DIDSession.authorize(authMethod, { resources })
    localStorage.setItem('didsession', session.serialize())
  }
  return session
}
```
Context:
from doc: DID Session - Ceramic Developers