Security Updates

static/js/config.js

@@ -1,5 +1,6 @@
 const USERNAME_KEY = 'scrumPoker.username';
 const PRESETS_KEY = 'scrumPoker.deckPresets.v1';
+const ROOM_SESSION_KEY_PREFIX = 'scrumPoker.roomSession.';
 
 const SCALE_PRESETS = {
     fibonacci: ['0', '1', '2', '3', '5', '8', '13', '21', '?'],
@@ -502,6 +503,7 @@ roomConfigForm.addEventListener('submit', async (event) => {
         allowSpectators: Boolean(formData.get('allowSpectators')),
         anonymousVoting: Boolean(formData.get('anonymousVoting')),
         autoReset: Boolean(formData.get('autoReset')),
+        allowVoteChange: Boolean(formData.get('allowVoteChange')),
         revealMode: (formData.get('revealMode') || 'manual').toString(),
         votingTimeoutSec: Number(formData.get('votingTimeoutSec') || 0),
         password: (formData.get('password') || '').toString(),
@@ -522,7 +524,12 @@ roomConfigForm.addEventListener('submit', async (event) => {
             return;
         }
 
-        const target = `/room/${encodeURIComponent(data.roomId)}?participantId=${encodeURIComponent(data.creatorParticipantId)}&adminToken=${encodeURIComponent(data.adminToken)}&username=${encodeURIComponent(payload.creatorUsername)}`;
+        localStorage.setItem(`${ROOM_SESSION_KEY_PREFIX}${data.roomId}`, JSON.stringify({
+            participantId: data.creatorParticipantId,
+            sessionToken: data.creatorSessionToken,
+        }));
+
+        const target = `/room/${encodeURIComponent(data.roomId)}?adminToken=${encodeURIComponent(data.adminToken)}&username=${encodeURIComponent(payload.creatorUsername)}`;
         window.location.assign(target);
     } catch (_err) {
         statusLine.textContent = 'Network error while creating room.';