[whatwg] Web Storage: apparent contradiction in spec

Peter Kasting pkasting at google.com
Wed Sep 2 11:36:43 PDT 2009

On Wed, Sep 2, 2009 at 11:08 AM, Jens Alfke <snej at google.com> wrote:

> On Aug 31, 2009, at 12:04 PM, Peter Kasting wrote:
> If you combine that statement with section 6.1's "User agents should
>> present the persistent storage feature to the user in a way that does not
>> distinguish them from HTTP session cookies", then the result is that, when
>> the user requests to delete cookies from a site, the UA will also delete
>> that site's local storage. That is *exactly* the behavior I am concerned
>> about.
> That's not true.  You're misinterpreting a statement about the granularity
> of control users should have as one about what terminology a UA should use.
> The [lack of] granularity of control actually is a serious concern,
> whatever the terminology.

It still seems like you are interpreting this statement as saying that the
UA must not allow users to keep/clear cookies separately from Local Storage
data.  While on the face of it that seems like a possible interpretation, I
think it's clear that this would be a lousy user experience and detrimental
to developers as well.  Therefore I am convinced that the intent of the
statement is to say that UAs must give users the same _abilities_ to see and
clear Local Storage data as they already have with cookies, not that the two
things should always be lumped together and made indistinguishable.

Of course, Hixie could step in here and clarify what he means.  But if he
really means what you think he means (that users must not be able to tell a
difference or control the two separately) then that seems like obvious
grounds for a revolt.

> The spec already recommends a bunch of things about what users should be
> shown w.r.t. Local Storage, such as how much space a site is using, so it's
> clear that a UA that wants to comply with this "should" is going to need to
> construct UI that doesn't just use the word "cookies" everywhere but
> actually presents the data as "here's your locally stored data for this
> site" with local storage content enumerated.  Users won't be given a prompt
> that says "clear cookies" that, confusingly, clears more than cookies;
> they'll be given a prompt like "clear all locally stored data".
> The command will have to say something about cookies or it'll confuse
> anyone but an HTML5 expert. It'd have to be more like "Clear cookies and
> other locally stored data".

In general UAs should have separate checkboxes for these on their "clear
private data" UIs.

The fundamental problem here is that *some uses of local storage are nothing
> at all like cookies*, for the same reason that ~/Documents is not the same
> as ~/Library/Caches.

Yes, this is precisely why UAs should present them separately.

In the example I gave, the user needs to delete cookies for a site, but
> absolutely should not delete local storage. For the spec to tell browser
> developers to present the two as being the same thing makes no sense here.

See comment above.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090902/edf8c646/attachment-0002.htm>

More information about the whatwg mailing list