[whatwg] Private browsing vs. Storage and Databases

Aryeh Gregor Simetrical+w3c at gmail.com
Wed Apr 8 06:42:58 PDT 2009


2009/4/7 Jonas Sicking <jonas at sicking.cc>:
> I do agree that the difference is subtle. But I do think there is a
> general perception that cookies are more volatile than localStorage.
> In fact, I think localStorage was invented partially because of this.

In what way is localStorage less volatile?  Practically speaking, if a
site sets an unlimited-duration cookie, that cookie will persist until
either 1) the user uses a different computer (or a different profile
or a different OS install or a different browser), or 2) the user
manually clears the cookie (or some antivirus program or whatever does
on their behalf).  In case (1), localStorage will also be cleared.  In
case (2), localStorage will also be cleared (unless you think the user
will clear cookies but not localStorage for some reason -- I can't
think of any reason for this except bad UI or bugs).

There are plenty of sites out there that rely on cookies' stability.
For instance, the popular vBulletin software uses cookies for storing
certain preferences even for logged-in users.  If cookies get reset,
you have to respecify those preferences.  It doesn't happen often.

The advantage of localStorage is, as far as I can tell, purely that it
doesn't get sent back to the server on every request.  This allows it
to contain much larger objects than cookies.  It can serve as an
effective *cache*, but applications can't feasibly rely on it to be
really persistent, since users use different computers.

What applications can you conceive of that would run into problems if
privacy mode gave them a blank localStorage that gets dumped
afterwards, but would still function correctly when a user uses
multiple computers?


More information about the whatwg mailing list