[whatwg] Web Storage: apparent contradiction in spec
Jens Alfke
snej at google.com
Mon Aug 31 11:50:57 PDT 2009
On Aug 31, 2009, at 11:35 AM, Peter Kasting wrote:
> Again, the spec now says in 4.3: "User agents should expire data
> from the local storage areas only for security reasons or when
> requested to do so by the user." The only stronger statement you
> could get would be by changing this to a "must". It's not clear to
> me that that is going to result in any practical difference on the
> part of implementations or author perception.
If you combine that statement with section 6.1's "User agents should
present the persistent storage feature to the user in a way that does
not distinguish them from HTTP session cookies", then the result is
that, when the user requests to delete cookies from a site, the UA
will also delete that site's local storage. That is exactly the
behavior I am concerned about.
> This sounds like you are either completely ignoring, or disagreeing
> with, my claim that UAs aren't going to be flippant about this data.
If UA's shouldn't treat the data lightly, then I would prefer to see a
statement to that effect in the spec, such as the one that was just
deleted.
Local storage is a significant change from the browser's current data
model, and I think that (no offense) browser developers are not used
to taking care of user-critical data for longer than the duration of a
DOM tree or POST request. It's a change in perspective. Coming as I do
from a client-software world, it's actually an eye-opener to me that
this is even controversial.
—Jens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090831/bf687e40/attachment.htm>
More information about the whatwg
mailing list