
Re: [quota-api] Need for session storage type

From: Brady Eidson <beidson@apple.com>
Date: Mon, 05 Nov 2012 09:47:27 -0800
Cc: Eric U <ericu@google.com>, Kinuko Yasuda <kinuko@chromium.org>, "public-webapps@w3.org WG" <public-webapps@w3.org>
Message-id: <09E58F86-56A7-4EEF-BA67-70A0BA032295@apple.com>
To: Tobie Langel <tobie@fb.com>

On Nov 5, 2012, at 6:15 AM, Tobie Langel <tobie@fb.com> wrote:

> It seems there would/could be value in determining precisely what a
> session is

I'm not sure we'd be interested in strictly defining what a session is in spec.  A "session" - while having spec ramifications - seems very much to be a user-level feature with a lot of flexibility in differentiation between user agents.

WebStorage gives a minimal definition of session lifetime that I've grown fond of:  "The lifetime of a top-level browsing context (which) can be unrelated to the lifetime of the actual user agent process itself, as the user agent may support resuming sessions after a restart."

I'd not be averse to giving a more fleshed-out definition of what happens to session-ey technologies when a session's lifetime is over, but further defining requirements for session lifetime should be done with great care.

> And/or coming up with an API to allow application developers
> to close sessions on a per origin basis and benefit from related
> security/privacy guarantees (wiping-out session storage, cookies, etc.).

Sites can already clean up individual session-ey nuggets on a case-by-case basis.

I'm not sure I like the idea of giving them the nuclear option as they'll just start using that liberally instead of thinking things through.  This could cause excess I/O and/or lock contention where such semantics are defined.

Received on Monday, 5 November 2012 17:48:03 UTC
