[whatwg] Private browsing vs. Storage and Databases
beidson at apple.com
Tue Apr 7 18:07:02 PDT 2009
On Apr 7, 2009, at 5:50 PM, Aryeh Gregor wrote:
> How are cookies handled right now? Surely the issues should be pretty
> much the same?
They are unspecified. From this thread I have learned that Chrome and
Firefox start with no cookies. Safari starts with a snapshot of
cookies at the point where the user entered private browsing mode. I
would not be surprised if Opera or IE8 were subtley different from
either of these two approaches.
>> Option 3 is simple to implement and option 4 would difficult to
>> efficiently. Both would lead to bizarre behavior where data that the
>> application thought was saved really wasn't.
> I certainly can't think of how 3 could ever cause a problem. It
> should be the same as the user just logging in from a computer they
> haven't used before, shouldn't it?
I strongly share Jonas' concern that we'd tell web applications that
we're storing there data when we already know we're going to dump it
later. For 3 and 4 both, we're basically lying to the application and
therefore the user. Imagine a scenario where a user has no network
connection and unknowingly left their browser in private browsing
mode. Email, documents, financial transactions, etc could all be
"saved" locally then later thrown away before they've had a chance to
sync to a server.
> I don't think 1, 2, or 5 are good ideas, since they make localStorage
> semi-usable at best when privacy mode is enabled.
Apparently Firefox plans to implement #2, and so far I'm standing by
WebKit choosing #5 for now. Options 1, 2, and 5 all avoid the problem
that 3 and 4 have which is that we're lying about saving data we have
no intention to save.
More information about the whatwg