问题
I'm making an app which holds sensitive information about the user. This data is held in the store and is used throughout the app, on different views.
The session can expire, with the store being completely cleared if the user tries to navigate to another route after a timeout. However, the store is not cleared until the user navigates to a new route. Let's say the user leaves their machine without logging out. The session times out but the page is still there and the store is yet to be cleared.
Would it be possible for someone else to access information from the store if it hasn't been cleared yet? (e.g. With Chrome dev tools)
The other option I can see is to clear the store on session timeout and somehow keep the current view in place. The idea being that the current view should not break if the session has expired.
来源:https://stackoverflow.com/questions/43507052/redux-security-is-it-possible-to-access-store-data