[whatwg] Web Storage: apparent contradiction in spec
Jens Alfke
snej at google.com
Mon Aug 31 11:01:01 PDT 2009
On Aug 31, 2009, at 3:11 AM, Ian Hickson wrote:
> We can't treat cookies and persistent storage differently, because
> otherwise we'll expose users to cookie resurrection attacks.
> Maintaining
> the user's expectations of privacy is critical.
The fact that local storage can be used as a type of super-cookie
doesn't mean the two are the same thing. Yes, obviously if I give a
website permission to put 50MB of stuff on my disk, it can use 1k of
that as a type of cookie if it wants. That's just one of many reasons
why user agents should require user approval for letting a domain
access local storage.
That does not mean that the "Delete Cookies" menu command should also
delete local storage. Users often delete cookies to resolve login
issues (I've had to do this with Google websites several times).
Conflating the two can lead to disasters like "I told you to delete my
COOKIES! Not my EMAIL DRAFTS that I was trying to log in to send!"
> So I've removed the text that says that local storage could be user-
> critical.
That's going to come as a shock to developers who were planning to use
it for user-created data (whether drafts of content to be pushed to
the cloud, or strictly-local documents.) Without this, the safe usage
of local storage diminishes to a download cache.
—Jens
More information about the whatwg
mailing list