Separate sessions by account address

Open mhuggins opened this issue 7 years ago • 2 comments

Describe the solution you'd like and the expected behavior

If the same client is used for multiple addresses, then separate sessions should be used.

Is your feature request related to a problem? Please describe.

Switching between addresses maintains a session from a prior address, which is not ideal for security and privacy reasons.

Possible implementation / References

The webview element provides a partition attribute, which could be set to the currently authenticated NEO address.

Before doing so, some research should be done to ensure that the session can't easily be spoofed by simply changing the redux store to a different address in memory. One option might be to use a hash based upon the private key, as long as the existing partitions can't be determined by looking through chrome/electron cache files.

mhuggins, Jul 22 '18 15:07

> Before doing so, some research should be done to ensure that the session can't easily be spoofed by simply changing the redux store to a different address in memory. One option might be to use a hash based upon the private key, as long as the existing partitions can't be determined by looking through chrome/electron cache files.

After thinking about this, I think it's okay that we simply use the partition attribute as is. When a user wants their information to be secure from other users of the same system, they should be using their own system account such that their files are protected and only accessible by that user.

mhuggins, Jul 29 '18 15:07

Anonymous sessions should also be an option. I think this will become more readily available with this feature?

deanpress, Nov 16 '18 15:11
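The partition naming options raised in this thread, as an added example that is not part of the thread or the project's code: the address itself, a label keyed on the private key, and a non-persistent anonymous session. All function names, the domain-separation string and the address allow-list are assumptions made for illustration.

```javascript
// Added illustration: function names and the HMAC label are assumptions,
// not code from the project discussed in this thread.
const crypto = require("node:crypto");

// Electron persists a partition to disk only when its name starts with
// "persist:"; any other name yields an in-memory session.
const PERSIST = "persist:";

// Option 1 (the issue's proposal): one persistent partition per address.
// The allow-list keeps characters such as ":" out of the partition name.
function partitionForAddress(address) {
  if (typeof address !== "string" || !/^[A-Za-z0-9]{1,64}$/.test(address)) {
    throw new TypeError("unexpected address format");
  }
  return PERSIST + address;
}

// Option 2 (the "hash based upon the private key" idea): a keyed label, so
// the partition name cannot be computed from the address alone.
function partitionForKey(privateKey) {
  if (!Buffer.isBuffer(privateKey) || privateKey.length < 16) {
    throw new TypeError("private key must be a Buffer of at least 16 bytes");
  }
  const label = crypto.createHmac("sha256", privateKey)
    .update("webview-partition-v1") // constructed domain-separation string
    .digest("hex")
    .slice(0, 32);
  return PERSIST + label;
}

// Anonymous session: a random name without the "persist:" prefix, so the
// session is in-memory and is not reused after the application exits.
function anonymousPartition() {
  return "anon-" + crypto.randomBytes(16).toString("hex");
}

// The partition can only be set before the webview's first navigation, so an
// account switch needs a fresh <webview> rather than mutating the old one.
function createWebview(doc, partition, src) {
  const view = doc.createElement("webview");
  view.setAttribute("partition", partition);
  view.setAttribute("src", src);
  return view;
}
```

In a renderer, `createWebview(document, partitionForAddress(currentAddress), url)` would replace the existing element on every account switch; `currentAddress` and `url` are placeholders.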