Change persistence type to session rather than local #182
Conversation
antonymilne
requested review from
Joseph-Perkins,
huong-li-nguyen,
maxschulz-COL and
lingyielia
as code owners
vizro-core/changelog.d/20231124_130803_antony.milne_session_storage.md
Outdated
Show resolved
Hide resolved
…orage.md Signed-off-by: Antony Milne <[email protected]>
Signed-off-by: Antony Milne <[email protected]>
antonymilne
changed the title
There was a problem hiding this comment.
The PR looks good to me. The persistence type for all the components in the app is properly changed. Only the 'theme_selector' isn't adjusted (and it still uses the default persitence_type="local") which also looks correctly to me (I guess we always want to persist selected theme even when the browser tab is closed and reopened again.)
I'm just wondering why we decided to change the persistence_type to "session" in the first place. Do we consider this what the user expects to happen, or did we do it for some security reasons (if someone else opens the same app for the same machine, they can't know what values (besides "theme") were selected from the previous user), solve some existing unexpected behaviour or something else?
However +1 approval from my side 😄.
|
I have the same question as Petar 😄 |
|
Thanks for the reviews @lingyielia and @petar-qb! Actually leaving the theme selector with As for the motivation for making this change: it's not to do with user expectation or security but purely for legal reasons. Possibly @Joseph-Perkins can explain more since he spoke to the legal team about it, but my understanding is that while there's room for interpretation as to what constitutes an essential vs. non-essential cookie, it's safest to persist these things as little as possible or you might be required to put up banners asking for users to accept cookies, which we don't want to do. So unless there's distinct advantage in using N.B. here I talk about cookies, which as you know isn't actually the mechanism we use for persisting filter values etc. which is all done in browser storage. The laws apply exactly the same regardless of the mechanism, it's just often referred to as the Cookie Law because the most common place you see the effect is in needing to accept cookies. |
|
So far there was no specific user requirement to apply themes to local storage in the past. (I believe it was changed to local storage by default when all the other persistence instances where also defaulted to that) Since there is an option in the dashboard configuration to default to a specific theme, then that can be used to provide some control of initial theme choices instead of using local storage, if needed So in this case I think we can apply session storage to the themes without contradicting any known user requirements at this point |
|
Thanks @Joseph-Perkins, I've made the theme selector also use session storage 👍 |
Description
Following conversations with the legal team, we've changed the
persistence_typeeverywhere fromlocal(the Dash default) tosession(which is less persistent) and included a warning in the docs that it's the user's responsibility if they change it from this.Checklist
Types of changes
Notice
I acknowledge and agree that, by checking this box and clicking "Submit Pull Request":