The H5P client is capable of saving the current state of the user so that the user can resume where they left off. This means that e.g. their attempts entered into textboxes are the same as when they last left off.
false
the H5P client can also request the user
state through an AJAX call from the server.IContentUserDataStorage
. The recommended storage class
for production is MongoContentUserDataStorage
in the
@lumieducation/h5p-mongos3
package. There's also a
FileContentUserDataStorageClass
in the @lumieducation/h5p-server
package
that you can use for development or testing purposes.H5PEditor
and
H5PPlayer
constructor.contentUserStateSaveInterval
in IH5PConfig
to the interval at which
the client should save the state (in milliseconds). The recommended number is
10000
. (To disable the feature, set contentUserStateSaveInterval
to
false
)h5pAjaxExpressRouter
from the @lumieducation/h5p-express
package, then the routes for the AJAX endpoint are automatically created. You
can manually turn them on by setting routeContentUserData
in the options
when creating the route.h5pAjaxExpressRouter
, you have to route everything
manually. First get ContentUserDataManager
from H5PEditor
or H5PPlayer
.
Route these endpoints to the functions and return HTTP status code 200 with a
JSON object that is based on AjaxSuccessResponse
with empty payload (Check
out the Express Router for details):
ContentUserDataManager.getContentUserData
ContentUserDataManager.createOrUpdateContentUserData
contentUserDataUrl
in IH5PConfig
.contentUserStateSaveInterval
in IH5PConfig. If you set it to false, you can
disable the feature.You should implement CSRF tokens when using the content user state as the POST endpoint would otherwise by vulnerable to CSRF attacks when using cookie authentication. The tokens are added to the endpoint URL in the IUrlGenerator implementation and thus sent to the server whenever a POST call is made. Check out the REST example on how to pass the CSRF token to the H5P server components and how to check its validity.