[whatwg] Web Storage: apparent contradiction in spec

[Jens Alfke]

On Aug 31, 2009, at 11:35 AM, Peter Kasting wrote:

> Again, the spec now says in 4.3: "User agents should expire data  
> from the local storage areas only for security reasons or when  
> requested to do so by the user."  The only stronger statement you  
> could get would be by changing this to a "must".  It's not clear to  
> me that that is going to result in any practical difference on the  
> part of implementations or author perception.

If you combine that statement with section 6.1's "User agents should  
present the persistent storage feature to the user in a way that does  
not distinguish them from HTTP session cookies", then the result is  
that, when the user requests to delete cookies from a site, the UA  
will also delete that site's local storage. That is exactly the  
behavior I am concerned about.

> This sounds like you are either completely ignoring, or disagreeing  
> with, my claim that UAs aren't going to be flippant about this data.

If UA's shouldn't treat the data lightly, then I would prefer to see a  
statement to that effect in the spec, such as the one that was just  
deleted.

Local storage is a significant change from the browser's current data  
model, and I think that (no offense) browser developers are not used  
to taking care of user-critical data for longer than the duration of a  
DOM tree or POST request. It's a change in perspective. Coming as I do  
from a client-software world, it's actually an eye-opener to me that  
this is even controversial.

—Jens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090831/bf687e40/attachment-0002.htm>