Describe the Bug
Currently, the collaborative workspace assigns room ownership (admin status) to the room creator. To prevent non-admins from claiming this status, the server generates a unique adminToken which is delivered to the admin client and stored inside sessionStorage.
However, sessionStorage is tied strictly to the lifetime of the browser tab. If the admin accidentally closes their active tab and opens the room link in a new tab or window, sessionStorage is empty, causing them to lose their admin token. If no other users are in the room, the admin reclaim period fails, leaving the room without an active admin or stripping the original owner of their privileges.
Affected Code
In src/pages/EditorPage.js:
const adminTokenRef = useRef(() => {
try { return sessionStorage.getItem(`collabce_adminToken_${roomId}`) || null; } catch (_) { return null; }
});
Describe the Bug
Currently, the collaborative workspace assigns room ownership (admin status) to the room creator. To prevent non-admins from claiming this status, the server generates a unique
adminTokenwhich is delivered to the admin client and stored insidesessionStorage.However,
sessionStorageis tied strictly to the lifetime of the browser tab. If the admin accidentally closes their active tab and opens the room link in a new tab or window,sessionStorageis empty, causing them to lose their admin token. If no other users are in the room, the admin reclaim period fails, leaving the room without an active admin or stripping the original owner of their privileges.Affected Code
In src/pages/EditorPage.js: