v3.1.0: UI overhaul - pagination, session actions modal, manage tab rework

- Current tab: sticky pagination, scroll-to-page, height increased
- Session card: datetime + cookie count, removed URL
- Manage tab: reordered cards, icon colors fixed, Quick Action revamped
- Session Actions modal: new info card (data+expiry combined), flat buttons
- Expiration dropdown: pill-based cookie list with status badges
- Randomized storage key on first install, auto-migration from old key
- JSON exports: raw array format, removed wrapper
- Codebase cleanup: shared utils (DOM.closeModal, debounceInput, Normalize)
- Bumped version to 3.1.0

Co-authored-by: risunCode <risunCode@users.noreply.github.com>

Author: risunCode

CHANGELOG.md

@@ -1,5 +1,32 @@
 # Changelog
 
+## v3.1.0 (2026-03-21)
+
+### Codebase Cleanup & Refactor
+- **Removed duplicate logic** — Unified modal close animation (`DOM.closeModal`), expiration calculation, and domain matching into shared utils
+- **Deleted dead code** — Removed unused `getExpirationStatus()`, duplicate `SessionStorage.getGrouped()`, unused `Renderer.pagination()`, and redundant `extractDomain()` wrapper
+- **Centralized import parsing** — New `Normalize.importSessions()` handles all formats (raw array, legacy wrapper, single object) in one place
+- **Merged BrowserStorage** — `getLocal()` and `getSession()` now share a single `get(tabId, type)` implementation
+- **Extracted cookie restore helper** — `cleanForRestore()` and `getCookieUrl()` centralize backward-compat scrubbing for Chrome's cookies API
+
+### Security & Storage
+- **Randomized storage key** — Session data key is now a random hex string generated on first install instead of a hardcoded value. Migration from old key is automatic with zero user interaction
+- **Consistent domain matching** — All domain comparisons now use the shared `Domain.isMatch()` util instead of scattered manual implementations
+
+### Export Format
+- **Raw JSON exports** — All JSON exports now output a plain session array instead of the proprietary `{version, exportDate, sessions}` wrapper. Import still accepts both formats for backward compatibility
+- **Label cleanup** — "Export JSON (raw)" → "Export JSON", "Copy Raw JSON" → "Copy JSON"
+
+### UI Fixes
+- **Saved Data modal** — Fixed tab buttons (Cookies/localStorage/sessionStorage) overlapping by adjusting modal width and tab sizing
+- **No more alert()** — Replaced remaining `alert()` calls in export flow with proper modal dialogs
+
+### Developer Experience
+- **Shared debounce helper** — `DOM.debounceInput()` replaces copy-pasted debounce patterns in search handlers
+- **Cleaner utils** — Added `DOM.closeModal()`, `DOM.debounceInput()`, and `Normalize` module to `utils.js`
+
+---
+
 ## v3.0.0 (2026-02-07)
 
 ### New Features

README.md

@@ -7,9 +7,10 @@ Chrome extension for saving and restoring login sessions. Captures cookies, loca
 - **Save & Restore** — Save complete login sessions and restore them later
 - **Smart Expiration** — Tracks cookie expiration based on longest-lasting cookie *(experimental, may be inaccurate)*
 - **Domain Groups** — Auto-groups sessions by domain for easy management
-- **Backup/Export** — JSON (plain) or OWI (AES-256 encrypted) formats
+- **Backup/Export** — JSON (raw array) or OWI (AES-256 encrypted) formats
 - **Batch Operations** — Bulk backup, delete expired, or clean by domain
 - **Clean Tab** — Selectively clear cookies, storage, history, and cache
+- **Randomized Storage** — Session data stored under a unique random key per installation
 
 ## Showcase
 

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "seswi-session-manager",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "Advanced Session Manager Chrome Extension",
   "type": "module",
   "scripts": {

package.json

@@ -1,7 +1,41 @@
 /**
  * SesWi Service Worker
+ * Generates a randomized storage key on first install for session data.
  */
 
-chrome.runtime.onInstalled.addListener(() => {
-  console.log('[SesWi] Extension installed');
+const META_KEY = '_seswi_meta';
+const OLD_KEY = 'seswi-sessions-blyat';
+
+function generateStorageKey() {
+  const rand = crypto.getRandomValues(new Uint8Array(8));
+  const hex = Array.from(rand, b => b.toString(16).padStart(2, '0')).join('');
+  return `seswi-${hex}`;
+}
+
+chrome.runtime.onInstalled.addListener(async () => {
+  try {
+    const result = await chrome.storage.local.get([META_KEY, OLD_KEY]);
+    const meta = result[META_KEY];
+
+    // Already initialized — skip
+    if (meta?.storageKey) return;
+
+    const newKey = generateStorageKey();
+
+    // Migrate data from old hardcoded key if it exists
+    const oldData = result[OLD_KEY];
+    if (Array.isArray(oldData) && oldData.length > 0) {
+      await chrome.storage.local.set({
+        [META_KEY]: { storageKey: newKey, createdAt: Date.now() },
+        [newKey]: oldData
+      });
+      await chrome.storage.local.remove(OLD_KEY);
+    } else {
+      await chrome.storage.local.set({
+        [META_KEY]: { storageKey: newKey, createdAt: Date.now() }
+      });
+    }
+  } catch (e) {
+    console.error('[SesWi] Init failed:', e);
+  }
 });

src/background.js

@@ -13,14 +13,31 @@ function chunk(arr, size) {
   return out;
 }
 
+function getCookieUrl(cookie) {
+  const d = cookie.domain.startsWith('.') ? cookie.domain.slice(1) : cookie.domain;
+  return `http${cookie.secure ? 's' : ''}://${d}${cookie.path}`;
+}
+
+/**
+ * Clean a saved cookie object for Chrome's cookies.set() API.
+ * Removes properties that Chrome doesn't accept and handles backward compat.
+ */
+function cleanForRestore(cookie) {
+  const clean = { ...cookie };
+  if (cookie.hostOnly) delete clean.domain;
+  if (cookie.session) delete clean.expirationDate;
+  delete clean.hostOnly;
+  delete clean.session;
+  return clean;
+}
+
 export const Cookies = {
   async getForDomain(domain) {
     try {
       const cookies = await chrome.cookies.getAll({});
       const filtered = cookies.filter(c => {
         const d = c.domain.startsWith('.') ? c.domain.slice(1) : c.domain;
-        // Fix: exact match OR subdomain match (must have dot before domain)
-        return d === domain || d.endsWith('.' + domain);
+        return Domain.isMatch(domain, d);
       });
       return Response.success(filtered);
     } catch (e) {
@@ -43,21 +60,20 @@ export const Cookies = {
     try {
       const { data: cookies } = await this.getForDomain(domain);
       let count = 0;
-      
+
       for (const part of chunk(cookies, CHUNK_SIZE)) {
         await Promise.all(part.map(async (cookie) => {
           try {
-            const d = cookie.domain.startsWith('.') ? cookie.domain.slice(1) : cookie.domain;
             await chrome.cookies.remove({
-              url: `http${cookie.secure ? 's' : ''}://${d}${cookie.path}`,
+              url: getCookieUrl(cookie),
               name: cookie.name,
               storeId: cookie.storeId
             });
             count++;
           } catch {}
         }));
       }
-      
+
       return Response.success(count);
     } catch (e) {
       return Response.error(e, 'Cookies.removeForDomain');
@@ -67,30 +83,24 @@ export const Cookies = {
   async restore(session) {
     try {
       if (!session.cookies?.length) return Response.error('No cookies to restore');
-      
+
       // Clear existing first
       await this.removeForDomain(session.domain);
-      
+
       let count = 0;
       for (const part of chunk(session.cookies, CHUNK_SIZE)) {
         await Promise.all(part.map(async (cookie) => {
           try {
-            const d = cookie.domain.startsWith('.') ? cookie.domain.slice(1) : cookie.domain;
-            const clean = { ...cookie };
-            if (cookie.hostOnly) delete clean.domain;
-            if (cookie.session) delete clean.expirationDate;
-            delete clean.hostOnly;
-            delete clean.session;
-            
+            const clean = cleanForRestore(cookie);
             await chrome.cookies.set({
-              url: `http${cookie.secure ? 's' : ''}://${d}${cookie.path}`,
+              url: getCookieUrl(cookie),
               ...clean
             });
             count++;
           } catch {}
         }));
       }
-      
+
       return Response.success({ restored: count, total: session.cookies.length });
     } catch (e) {
       return Response.error(e, 'Cookies.restore');

src/core/cookies.js

@@ -3,7 +3,7 @@
  * Handles: OWI encryption/decryption
  */
 
-import { Response, Logger } from '../utils.js';
+import { Response, Logger, Normalize } from '../utils.js';
 
 // SJCL loaded globally from lib/sjcl.min.js
 const getSJCL = () => window.sjcl;
@@ -64,16 +64,9 @@ export const Crypto = {
       }
 
       const data = this.decrypt(parsed.encryptedData, password);
-      
-      // Normalize to { sessions: [...] }
-      if (parsed.type === 'single') {
-        return Response.success({ sessions: [data] });
-      }
-      if (parsed.type === 'multi' && Array.isArray(data.sessions)) {
-        return Response.success({ sessions: data.sessions });
-      }
-      
-      return Response.error('Unknown OWI format');
+      const sessions = Normalize.importSessions(data);
+      if (!sessions.length) return Response.error('No sessions found in OWI file');
+      return Response.success({ sessions });
     } catch (e) {
       Logger.error('importOWI failed:', e);
       return Response.error(e, 'Crypto.importOWI');

src/core/crypto.js

@@ -5,15 +5,6 @@
 
 import { Domain } from '../utils.js';
 
-// Helper to extract domain from URL
-function extractDomain(url) {
-  try {
-    return Domain.getBase(url);
-  } catch {
-    return null;
-  }
-}
-
 class TabIcons {
   constructor() {
     this.domainToIcon = {};
@@ -55,7 +46,7 @@ class TabIcons {
     try {
       chrome.tabs.onUpdated.addListener((tabId, changeInfo, tab) => {
         if (changeInfo.favIconUrl || changeInfo.url) {
-          const domain = tab?.url ? extractDomain(tab.url) : null;
+          const domain = tab?.url ? (() => { try { return Domain.getBase(tab.url); } catch { return null; } })() : null;
           if (domain && tab.favIconUrl) {
             this._set(domain, tab.favIconUrl);
           }
@@ -112,7 +103,8 @@ class TabIcons {
       const tabs = await chrome.tabs.query({});
       for (const tab of tabs) {
         if (!tab.url) continue;
-        const domain = extractDomain(tab.url);
+        let domain = null;
+        try { domain = Domain.getBase(tab.url); } catch {}
         const icon = tab.favIconUrl || '';
         if (domain && icon) {
           this._set(domain, icon);