[whatwg] Proposal: HTTP Headers + sessionStorage stored session-ID
Ian Hickson
ian at hixie.ch
Fri Dec 6 11:04:57 PST 2013
On Thu, 31 Oct 2013, Kyle Simpson wrote:
>
> Session cookies are preserved at the browser-level, which means they are
> kept around for the lifetime of the browser instance. sessionStorage,
> OTOH, is kept only for the lifetime of the tab. In many respects, this
> makes sessionStorage more desirable for session-based tracking.
>
> 2. As a consequence of #1, the most pertinent difference is
> sessionStorage based session-IDs being attached to an individual tab
> rather than the browser. This means if I open up two tabs to the same
> site, and I use session cookies, then both tabs share the same session
> (can be useful or can be very annoying).
>
> But with a sessionStorage based approach, the two tabs have two entirely
> separate sessions and operate independently. They can share storage
> through localStorage, if so desired, and even communicate with
> StorageEvents. But they can be separate if they want by relying on
> sessionStorage.
>
> In particular, #2 is a big win (IMO) for session-based architecture (as
> well as UX) and I often now design my systems with this particular
> behavior intentionally relied upon.
I've filed this bug to track this problem:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=24024
If any implementors want to implement this and thus would like this
specced, please do comment on the bug.
Cheers,
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list