<div class="gmail_quote">On Tue, Apr 7, 2009 at 6:10 PM, Brady Eidson <span dir="ltr"><<a href="mailto:beidson@apple.com" target="_blank">beidson@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word"><br><div><div><div>On Apr 7, 2009, at 6:04 PM, Ian Fette ($B%$%"%s%U%'%C%F%#(B) wrote:</div><br></div><blockquote type="cite"><div class="gmail_quote"><div>2009/4/7 Jonas Sicking <span dir="ltr"><<a href="mailto:jonas@sicking.cc" target="_blank">jonas@sicking.cc</a>></span></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div> <br> </div><div>I do agree that there's still need for storing data while in private<br> browsing mode. So I do think it makes a lot of sense for<br>
.sessionStorage to keep working.<br> <br> But I do have concerned about essentially telling a website that we'll<br> store the requested data, only to drop it on the floor as soon as the<br> user exits private browsing mode (or crashes).<br>
<font color="#888888"><br> / Jonas<br> </font></div></blockquote></div><div><br><div>Doesn't the website have to handle that anyways? I mean, I assume that all the browsers are going to allow users some way to "manage" this stuff, much like cache/cookies - e.g. you have to assume that at some point in time the user is going to blow you away. (Especially on mobile devices where space is more of a premium...)</div>
</div></blockquote><div><br></div>Caches are always assumed to be temporary and recoverable, and cookies have severe size and lifetime limitations placed on them (ie - the User Agent can never be excepted to keep cookies around for any predictable lifetime, per the cookies spec).</div>
<div><br></div><div>LocalStorage and Databases are expected to be persistent unless a script or the user explicitly removes them. They're more like files, where arbitrarily misplacing them is unacceptable.</div><div>
<br></div><div>~Brady<br></div></div></blockquote></div><br><div><br></div><div>Just to clarify: Chrome's "incognito mode" means--is defined as--starting from a clean slate (as if you started browsing for the first time on a new computer), and when you exit incognito mode, the accumulated data is discarded. That's all there is to it. The behavior of LocalStorage and Database in this mode is deduced easily from that definition.</div>
<div><br></div><div>I think it is fine if other browsers define privacy modes differently.</div><div><br></div><div>While it might be nice (for web app developers perhaps?) if we all agreed on the same definition here, I don't think it really matters. Chrome's behavior is just simulating a possible user behavior (create new profile, browse, destroy profile on exit). It is similar to Firefox's "clear all data on exit" option if combined with a fresh profile via the --profile command line switch. The main difference is that we try to avoid writing data to disk while the incognito session is active so that if we crash, we don't end up with persisted data.</div>
<div><br></div><div>Regards,</div><div>-Darin</div>