Do not store thread ID in server session
>>> [!note] Migrated issue
<!-- Drupal.org comment -->
<!-- Migrated from issue #3518180. -->
Reported by: [bbruno](https://www.drupal.org/user/3691195)

Related to !907 !896
>>>

<h3 id="summary-problem-motivation">Problem/Motivation</h3>
<p>Currently, the only available option for storing chat history in an AI Assistant is through server sessions. This can interfere with Drupal's caching and limits flexibility in how chat history is preserved.</p>
<p>Implementing local storage support would enable chat history to persist directly in the user's browser, decoupling it from server-side session handling.</p>
<h3 id="summary-proposed-resolution">Proposed resolution</h3>
<p>- Implement an option to store chat history in the browser's local storage, enabled in the "Allow History" field of an AI Assistant<br>
- Deepchat can already handle this: <a href="https://deepchat.dev/docs/messages/#browserStorage">https://deepchat.dev/docs/messages/#browserStorage</a></p>
<p>Additional info from Marcus in <a href="https://www.drupal.org/project/ai/issues/3545173#comment-16269403">https://www.drupal.org/project/ai/issues/3545173#comment-16269403</a>:</p>
<blockquote>
<p>So the AI assistant was built with stuff like Claude Desktop, Claude Cli, ChatGPT, Claude, Loveable, Builder.io etc. in mind. So they store data that could be too large or sensitive to store in localstorage.</p>
<p>I'm wondering what the main use cases for anonymous chatbots are? Is it mainly for RAG chatbots, so like chat with your content? Is it read-only tool calling?</p>
<p>To get to the point where we have this, there are a couple of things that we have that I think will reach the solution:</p>
<p>1. #3492940: Add ChatbackendInterface. That would be the big one, but it's quite an undertaking.<br>
2. Local storage as has been mentioned here.<br>
3. For the CSRF token, I'm wondering if we can store it via the double submit cookie pattern?</p>
<p>The problem is that if you do not have any CSRF or any WAF, you open up yourself to be bombarded with requests that could make you lose money and become an AI proxy etc. Even if that is not the main purpose of CSRF tokens, that simple friction stops a lot of scripting. But I might be completely wrong here.</p>
<p>For the assistants part, we can do the changes so the PrivateTempStorage should never be in use.</p>
</blockquote>
<h3 id="summary-ui-changes">User interface changes</h3>
<p>New configuration option in the AI Assistant settings to enable storing chat history in the browser using local storage.</p>
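
The double submit cookie pattern raised in the quoted comment above, sketched as a signed, session-less check. This is an added example, not code from the issue or from the AI module; `SECRET`, `TTL_MS` and all function names are assumptions made for illustration.

```javascript
// Added example: signed double-submit cookie for a chat endpoint with no server session.
// SECRET, TTL_MS and the function names are assumptions, not the AI module's API.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // constructed here; a real site loads a stable server-side key
const TTL_MS = 15 * 60 * 1000;         // assumed token lifetime

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');
}

// Server: mint a token and send it as a cookie the page script can read
// (so not HttpOnly); the script copies it into a request header.
function issueToken(now = Date.now()) {
  const payload = `${crypto.randomBytes(16).toString('base64url')}.${now + TTL_MS}`;
  return `${payload}.${sign(payload)}`;
}

// Constant-time string comparison; length is checked first because
// timingSafeEqual throws on buffers of different length.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Server: accept a chat request only if the header copy matches the cookie
// copy, the HMAC was produced with our key, and the token has not expired.
function verifyRequest(cookieToken, headerToken, now = Date.now()) {
  if (!cookieToken || !headerToken) return 'missing';
  if (!safeEqual(cookieToken, headerToken)) return 'mismatch';
  const parts = cookieToken.split('.');
  if (parts.length !== 3) return 'malformed';
  const [nonce, expires, mac] = parts;
  if (!safeEqual(mac, sign(`${nonce}.${expires}`))) return 'bad-signature';
  if (!/^\d+$/.test(expires) || Number(expires) < now) return 'expired';
  return 'ok';
}
```

For anonymous visitors the token is not bound to any identity, so anyone can request a fresh one. It adds friction to cross-site and scripted requests but does not replace rate limiting on the endpoint.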