How to save a variable and keep it even extension is reinstalled?

[Shu]

Hello,

I am searching for a way to save a variable for current user's account / browser and KEEP IT when user reinstalls the extension.

Basically, I want to add something like "free trial", but I don't want to store any personal information or user email, just create it in simple way:

- script is installed

- variable with timestamp is saved

- script is removed/re-added, variable is still the same... So I know when it was first installed.

If I try storage.sync or storage.local they are reset if extension is removed... How to deal with that?

Thank you!:)

[Deco]

This isnt possible - all extension code is purveyed to being removed once it is installed. Your best option for licensing validation is to do it server-side, or make use of the Licensing API.

Thanks,

Deco

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/42da30b0-9932-493f-9147-60a6da5dfb63n%40chromium.org.

[Shu]

> server-side

But what can I take as a unique ID for each user? Is there any browser ID or something not personal? Or if the only way is to get the user email or something, but how can I access it?

> Licensing API

It was removed with chrome payments or no? If not, can you please share some more info about this?

I can do it server side without problems, but I need to get something unique for each user :/

[ilyaigpetrov]

1) You may get user id via https://developer.chrome.com/docs/extensions/reference/identity/#type-ProfileUserInfo.

2) Google also has userinfo API on its servers, to access it you need to get a an auth token first via https://developer.chrome.com/docs/extensions/reference/identity/#method-getAuthToken. You may find useful this my message: https://groups.google.com/a/chromium.org/g/chromium-extensions/c/k0O3FcTV5w8/m/fHahIq_OCgAJ.

[馮韋元]

Not sure if that will fit your use case, here are a few easy ways.

- using the "cookies" permission to create/update a cookie for a domain relevant to your extension and include an attribute in your cookie. You could read that cookie after reinstalling to get the data back.

- using some website's local storage to store information on the site's storage (not your extension storage) via content scripts. Same idea.

[Simeon Vincent]

I'd caution against using cookies or localstorage on "a domain relevant to your extension" for data leakage reasons. Even if you own a domain, there's no obvious or explicit association between visiting a website and extension data storage. Remember, all cookies set on a domain are transmitted with every request.

Also, there's no guarantee that the browser will still have data written to cookies or localstorage when the user reinstalls the browser. Site data may be cleared if a) the user cleans their browsing history or b) storage limits trigger data eviction for an origin.

+1 to using identity.getProfileUserInfo() to persist a user's settings in your own database. Please note that if you're storing user settings on your server, you'll need to disclose that in your privacy policy.

Cheers,

Simeon - @dotproto

Chrome Extensions DevRel

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/f0fbaff2-a2d3-4337-bfea-0a035fbdbcfan%40chromium.org.

[Shu]

Hello,

thank you Simeon. I don't want to ask the user to provide any personal information, I don't want to have it for security reasons. I want to protect the script from reusing free trial just with simple reinstall, this shouldn't be 100% guarantee, so I think to use cookies.

HOW:

1. When user installs the script, I create just a random ID and open welcome page on my site with "?id=xxxx". And save cookies.

2. Free trial over, user reinstalls the script.

3. Welcome page is opened again with a newly created ID. Cookie detected, I save to DB this new ID.

4. I send a json request to my site to verify if ID is present in DB, if yes - block free trial.

Seems cool, right? No personal information involved. But I noticed that I need to ask for permissions to access my site to send a json request. It's pity, cause it will disabe extensions on all users and they must reapprove permissions :/ 

But at least I am sure that I don't have any personal information :)