[whatwg] AppCache can't serve different contents for different users at the same URL

[Aaron Whyte]

Most apps provide different contents for the same uncacheable main-page URL,
depending on the identity of the user, which is typically stored in a cookie
and read by the server.
However, the HTML5 AppCache spec doesn't allow cookies to influence the
choice of AppCaches or the contents of a response returned by the cache.

This makes it a lot harder, but not impossible, for developers of existing
apps to start using AppCache, while still supporting multiple users per
browser or browser profile.

Without changing the user-visible URL structure of an app, developers might
support multiple users, by replacing their server-generated user-specific
main page, with a generic cacheable JS app that does this:
1) Establish the user's identity using a cookie, or a database record, or a
session key-value store.
2) If the user can be identified, load the user-specific resources (JS, CSS,
data, etc.) from the network and/or local storage, possibly including a
separate AppCache with user-specific or fingerprint-specific URLs.
 Otherwise, load the unknown-user version or a login page.

That'd be a complete restructuring of the main page, but it's possible.  I
suspect that this is the model the AppCache was designed to support.

A more radical change to existing apps, and app design in general, would be
to include account-identifying information in the user-visible URL.  The
main page could redirect users to their user-specific page or the
unknown-user page.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090714/74955de8/attachment.htm>