[whatwg] Declarative unload data
Boris Zbarsky
bzbarsky at MIT.EDU
Mon May 7 08:59:58 PDT 2012
On 5/7/12 11:53 AM, Tab Atkins Jr. wrote:
> Yes, definitely (unless you set .withCredentials on it or something,
> like the XHR attribute).
Hold on. If you _do_ set withCredentials, you should be required to
pass the credentials in or something. Under no circumstances would
prompting for credentials for a request associated with an
already-unloaded page be OK from my point of view....
>> A bigger question is whether browsers really want to make it easier to do
>> this or work on getting rid of the ability to phone home at/after unload
>> altogether. My gut reaction every time I see pages doing it is that they're
>> up to no good, and code inspection usually indicates that I'm right: the #1
>> use of this is for persistent user tracking.
>
> That might be, but we won't be *stopping* anything then.
Even if true, we wouldn't be _encouraging_ anything either.
> They can instead, say, switch to just sending requests every 20s or something -
> if they were measuring session duration you still get good accuracy,
> but the total number of requests doesn't go up too much.
True.
And to be clear, I'm not worried about session duration measurements.
Most of the uses I saw of this were either not measuring session
duration, or somehow felt compelled to communicate all sorts of info
about the user and the user's computer to measure session duration.
> The legitimate use-case of doing a final info-squirt at the server to
> save state is reasonable, though
What fraction of the current uses are the legitimate use-case?
e.g. the legitimate use-case for popup windows is also reasonable, yet
browsers have popup blockers.
I suppose browsers can also block this thing by default unless users opt
in...
-Boris
More information about the whatwg
mailing list