Keeping users logged-in across page reloads¶
If you’ve properly set up shared session support, then your users will stay logged-in to the XMPP server upon page reloads.
However, if users are logging in manually, then users might get logged out between requests.
Credential Management API¶
Users with modern browsers which properly support the Credential Management API should be automatically logged-in across page reloads and therefore maintain their sessions.
Storing the password in localStorage¶
Since cookies are usually not an option, people have suggested storing the password in localStorage and logging in with it again when the user reloads the page.
We’ve purposefully not put this functionality in Converse.js due to the security implications of storing plaintext passwords in localStorage.
Storing the SASL SCRAM-SHA1 hash in IndexedDB¶
Another suggestion that’s been suggested is to store the SCRAM-SHA1 computed
clientKey in localStorage and to use that upon page reload to log the user in again.
This has been implemented since version 10, see documentation on reuse_scram_keys