_getVerifiedStorageObject - contentious sessionStorage element

[arfraz]

See: function _getVerifiedStorageObject within:

https://github.com/microsoft/ApplicationInsights-JS/blob/main/shared/AppInsightsCommon/src/StorageHelperFuncs.ts

This function sets the name of the element to the same as value being a (new Date).toString();
storage.setItem(uid, uid);

Online scanning tool Facette has reported this is violating GDPR. The name of the element needs to be set to something appropriate as to ensure the element can be deemed as 'necessary'

In other words, with the date time being stored as the name of the element, it cannot be identified as a necessary element.

can we set the name of the element to be something static like: sessionStorageCheck so that we mark this value as necessary.

[MSNev]

Because we support multiple instances on a page and there may be multiple instances running across multiple tabs, we need the value to be unique.....

We could prefix the value, would that suffice? So that you can identify that * are necessary?

[arfraz]

thanks for the feedback. As an alternative could I suggest we capture all of them for multiples instances within an array of objects thereby allowing the name of the element to be static ?

You can then run the check by parsing the stringify'd array of objects and fetching the datestring (uid variable) within it.

[MSNev]

allowing the name of the element to be static

This won't really work when they are coming from different tabs (which are completely disconnected from a runtime perspective) and also when we have multiple components for multiple "teams" reporting with different iKeys.

We could possibly have an override, so you could specify your own "fixed" value for this specific "availability" check, will need to review all of the usages both within the AI code base and some of the internal extensions (which are not public).

[arfraz]

thanks for checking that. At the same time I am reviewing whether a prefix is sufficient enough to comply and will let you know.

[arfraz]

have received some feedback that the approach you mentioned with the prefix and wildcard will work. If you're able to implement that and let me know when ready, that would be great.

thanks,
Andrew

[MSNev]

I've created an internal work item for this, not sure of the exact timeframe at this point.

[MSNev]

Now fully released as part of version 2.8.15