middisp / sessionstorage Goto Github PK

What steps will reproduce the problem?
1. Try to run latest, trunk version of SessionStorage script in IE8 browser

What is the expected output? What do you see instead?
I get error "Member not found" at line 539. "sessionStorage" function is 
shadowing browser's sessionStorage object, so setItem in below code will always 
trow exception:

    if(typeof sessionStorage !== "undefined") {
        try {
            random = '@@' + Math.random();
            sessionStorage.setItem(random, random);
            sessionStorage.removeItem(random);
            return;
        } catch(o_O) {
            // iOS private browsing
            // keep going on
        }
    }

What version of the product are you using? On what operating system?
trunk

Please provide any additional information below.

Because stream cipher do not support authentication, so the hacker could 
replace the known plaintext (it's very possible in sessionStorage case because 
the source code of the web page is public) without known key.

So I think we'd better use lightweight block cipher like XXTEA.

code "i = k % 256;" should be "i = (k + 1) % 256;"

I was playing the whole time with your sessionStorage implementation. On
your demo page is all good, but I trying to us it in the real environment
and I think its broken :)

If I trying to do setItem in any browser without native support of
sessionStorage, the data is available only on the same page. 

If you need help to reproduce it, just write me a mail, I will see how I
can let you to see it on our intranet testserver.

What steps will reproduce the problem?
1. embed a page that uses sessionstorage.js inside an iframe of a Host page
2. open it up in latest chrome browser
3. Check your console

What is the expected output? What do you see instead?
You will see
Uncaught SecurityError: Blocked a frame with origin "inside page url" from 
accessing a frame with origin "Host page url". Protocols, domains, and ports 
must match. 

What version of the product are you using? On what operating system?
sessionstorage 1.4 downloaded from:
https://code.google.com/p/sessionstorage/downloads/detail?name=sessionstorage.mi
n.js

Please provide any additional information below.
The cause is at 
    // the prefix to use to enable multiple domains
    domain = top.document.domain,
You can't call top.document.domain unless the page where sessionstorage is on 
and the host page share the same document.domain. Anytime you call top, you 
will see a cross-domain error.

It don't seems to work in IE6

I am storing session in sessionStorage
Only at the time of logout response I am removing that from storage
But after login if I switch tab and open another page of same project then 
session was removed automatically and i have to login again.

Please help..