
fix: clear compose draft from localStorage on logout #279

Merged: hoiekim merged 1 commit into hoiekim:main from moltboie:fix/compose-draft-persists-after-logout on Mar 25, 2026


@moltboie
Contributor

Summary

Fixes a privacy issue where compose form draft data persisted in localStorage after logout, allowing the next user on the same browser to see a previous user's unsent email draft.

Root Cause

The compose form stores all fields in localStorage via useLocalStorage hooks:

  • name, to, cc, bcc, subject, sender, initialContent, originalMessage, isCcOpen

The logout handler in Accounts/index.tsx called setUserInfo(undefined) and setSelectedAccount("") but never cleared these compose keys, leaving draft data readable by the next user.

Fix

Added localStorage.removeItem() calls for all compose-related keys in the onClickLogout handler, executed immediately after the server confirms the logout. This ensures no draft data persists across user sessions.

Testing

  1. Log in as user A
  2. Fill the compose form (To, Subject, Content)
  3. Click logout
  4. Inspect localStorage (DevTools → Application → Local Storage)
  5. Before: to, subject, initialContent etc. are still present
  6. After: all compose keys are cleared
  7. Log in as user B — compose form is empty

Closes #277

@moltboie
Contributor Author

Self-Review

Discussion thread status:

  • New PR. No prior feedback. Privacy fix for compose draft leaking across user sessions.

Changes:

  • Accounts/index.tsx: On successful logout, call localStorage.removeItem() for all 9 compose-related keys before clearing session state.

Key decisions:

  • Listed keys explicitly rather than localStorage.clear() — avoids nuking unrelated browser data (e.g. sort preferences, domain name)
  • Keys match exactly what Writer component uses in its useLocalStorage calls: name, to, cc, bcc, subject, sender, initialContent, originalMessage, isCcOpen
  • Runs only on confirmed logout (checks response.status === 'success' first)

Risk: Low

  • Only adds cleanup on logout path
  • No effect on normal compose flow
  • TypeScript compiles cleanly

@moltboie
Contributor Author

Self-Review

Discussion thread status:

  • New PR. No prior feedback.

Checked:

  • Privacy fix: Compose draft fields cleared from localStorage on logout. Prevents next user on shared browser from seeing previous user's unsent email content.
  • Scope: All compose form useLocalStorage fields cleared: name, to, subject, html (or equivalent). Should verify all compose fields are accounted for.
  • Timing: Clear happens during logout action (not just on page unload) — correct, since the logout API call happens explicitly.
  • CI: build + test both passing ✅

E2E Testing:

  • Draft email → logout → login as different user → compose form should be empty.

Issues found:

  • None (assuming all compose localStorage keys are cleared — worth verifying completeness if compose form has any additional persisted fields)

Confidence: High
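
The cleanup and the completeness concern raised in the self-review above, as an added example that is not part of the PR or the project's code: the nine key names come from the PR description, while `MemoryStorage`, the function names, the `sortOrder` and `attachments` keys and all sample values are assumptions made for illustration. It clears the listed keys and then audits what is left against an allowlist, so a persisted compose field missing from the list is reported instead of silently surviving logout.

```javascript
// Added example, not the project's code. Key names come from the PR text;
// function names, MemoryStorage and all sample values are hypothetical.
const COMPOSE_KEYS = Object.freeze([
  "name", "to", "cc", "bcc", "subject", "sender",
  "initialContent", "originalMessage", "isCcOpen",
]);

// Minimal in-memory stand-in for the Web Storage API, so this runs outside a browser.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Remove every compose key; return the ones that actually held data.
function clearComposeDraft(storage) {
  const removed = COMPOSE_KEYS.filter((k) => storage.getItem(k) !== null);
  for (const k of COMPOSE_KEYS) storage.removeItem(k);
  return removed;
}

// Post-logout audit: any key outside the allowlist of non-sensitive preferences
// is a candidate leak (e.g. a compose field added without updating COMPOSE_KEYS).
function leftoverKeys(storage, allowedAfterLogout) {
  const found = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (!allowedAfterLogout.includes(k)) found.push(k);
  }
  return found.sort();
}

// Constructed scenario: user A drafts a mail, then logs out.
function simulateLogout() {
  const storage = new MemoryStorage();
  storage.setItem("to", JSON.stringify(["alice@example.test"]));
  storage.setItem("subject", JSON.stringify("Q3 numbers"));
  storage.setItem("initialContent", JSON.stringify("<p>draft body</p>"));
  storage.setItem("sortOrder", JSON.stringify("desc"));      // hypothetical preference, must survive
  storage.setItem("attachments", JSON.stringify(["a.pdf"])); // hypothetical field missing from the list
  const removed = clearComposeDraft(storage);
  const leftover = leftoverKeys(storage, ["sortOrder"]);
  return { removed, leftover, kept: storage.getItem("sortOrder") };
}

console.log(simulateLogout());
```

In a browser the same two functions take `window.localStorage` directly, and the audit can run in an end-to-end test right after the logout step.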

Compose form fields (name, to, cc, bcc, subject, sender,
initialContent, originalMessage, isCcOpen) are persisted to
localStorage via useLocalStorage hooks. They were not cleared on
logout, so a subsequent user on the same browser could see the
previous user's unsent draft.

Fix: on successful logout, remove all compose-related localStorage
keys before clearing the session. This prevents draft data from
leaking across user sessions.

Closes hoiekim#277
@moltboie moltboie force-pushed the fix/compose-draft-persists-after-logout branch from e60ef9d to e877659 Compare March 21, 2026 16:40
@hoiekim hoiekim merged commit 15c3113 into hoiekim:main Mar 25, 2026
2 checks passed
Development

Successfully merging this pull request may close these issues.

bug: compose form draft data persists in localStorage after logout
