[whatwg] Proposal: HTTP Headers + sessionStorage stored session-ID

Ian Hickson ian at hixie.ch
Fri Dec 6 11:04:57 PST 2013


On Thu, 31 Oct 2013, Kyle Simpson wrote:
>
> Session cookies are preserved at the browser-level, which means they are 
> kept around for the lifetime of the browser instance. sessionStorage, 
> OTOH, is kept only for the lifetime of the tab. In many respects, this 
> makes sessionStorage more desirable for session-based tracking.
> 
> 2. As a consequence of #1, the most pertinent difference is 
> sessionStorage based session-IDs being attached to an individual tab 
> rather than the browser. This means if I open up two tabs to the same 
> site, and I use session cookies, then both tabs share the same session 
> (can be useful or can be very annoying).
> 
> But with a sessionStorage based approach, the two tabs have two entirely 
> separate sessions and operate independently. They can share storage 
> through localStorage, if so desired, and even communicate with 
> StorageEvents. But they can be separate if they want by relying on 
> sessionStorage.
> 
> In particular, #2 is a big win (IMO) for session-based architecture (as 
> well as UX) and I often now design my systems with this particular 
> behavior intentionally relied upon.

I've filed this bug to track this problem:

   https://www.w3.org/Bugs/Public/show_bug.cgi?id=24024

If any implementors want to implement this and thus would like this 
specced, please do comment on the bug.

Cheers,
-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'


More information about the whatwg mailing list