[whatwg] Web Storage: apparent contradiction in spec

Jens Alfke snej at google.com
Mon Aug 31 11:01:01 PDT 2009


On Aug 31, 2009, at 3:11 AM, Ian Hickson wrote:

> We can't treat cookies and persistent storage differently, because
> otherwise we'll expose users to cookie resurrection attacks.  
> Maintaining
> the user's expectations of privacy is critical.

The fact that local storage can be used as a type of super-cookie  
doesn't mean the two are the same thing. Yes, obviously if I give a  
website permission to put 50MB of stuff on my disk, it can use 1k of  
that as a type of cookie if it wants. That's just one of many reasons  
why user agents should require user approval for letting a domain  
access local storage.

That does not mean that the "Delete Cookies" menu command should also  
delete local storage. Users often delete cookies to resolve login  
issues (I've had to do this with Google websites several times).  
Conflating the two can lead to disasters like "I told you to delete my  
COOKIES! Not my EMAIL DRAFTS that I was trying to log in to send!"

> So I've removed the text that says that local storage could be user- 
> critical.

That's going to come as a shock to developers who were planning to use  
it for user-created data (whether drafts of content to be pushed to  
the cloud, or strictly-local documents.) Without this, the safe usage  
of local storage diminishes to a download cache.

—Jens


More information about the whatwg mailing list