W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Worker and message port feedback

From: Drew Wilson <atwilson@google.com>
Date: Sun, 22 Mar 2009 17:14:40 -0700
Message-ID: <f965ae410903221714l2316fc1du85f4a330f84cb54c@mail.gmail.com>
FWIW, I wrote my tests using IE7, not IE8.
The original argument I was countering was "browsers currently enforce
synchronous access to cookies, so we can't add asynchronous access via
workers because that will break existing sites". Clearly, this argument was
incorrect, since the core assumption about current browser behavior was
wrong - in point of fact, the majority of browsers in use today make no such
guarantees. So giving workers access to document.cookies is compatible both
with the current language in the spec *and* the current behavior of the
majority of browser implementations.

That said, if we don't think this behavior is acceptable (and there are good
arguments against it), then we should change the spec for cookies to
disallow it.

-atw

On Sat, Mar 21, 2009 at 2:13 PM, Jonas Sicking <jonas at sicking.cc> wrote:

> On Fri, Mar 20, 2009 at 3:29 PM, Ian Hickson <ian at hixie.ch> wrote:
> > On Sat, 7 Mar 2009, Jonas Sicking wrote:
> >>
> >> document.cookies can't change in the middle of an execution. I.e. a
> >> script like:
> >>
> >> a = document.cookie;
> >> b = document.cookie;
> >> alert(a === b);
> >>
> >> will always show 'true'.
> >
> > On Mon, 9 Mar 2009, Drew Wilson wrote:
> >>
> >> Following up on this. I created two pages, one that tests cookies in a
> >> loop, and one that sets cookies in a loop, and ran them in separate
> >> windows in Firefox 3, IE7, and Chrome.
> >>
> >> Chrome and IE7 currently allow concurrent modification of
> >> document.cookies (i.e. the test loop throws up an alert). Firefox does
> >> not.
> >
> > I do not think there is a problem with providing self.cookie in workers,
> > exposing the cookie of the script. However, currently there doesn't seem
> > to be much support for this.
> >
> > What do other browser vendors think of this?
> >
> > Jonas, given the above information regarding IE's behaviour, do you still
> > think that providing such an API in workers is a problem?
>
> It's the vendors that have exposed their users to this inconsistency
> that you should ask. Or maybe sites that use document.cookie a lot and
> that have a lot of chrome or IE8 users. Though both of those browsers
> might be too new to have received a lot of feedback regarding this.
> Note that this is only really a problem on sites that modifies
> document.cookie a lot, and where users have multiple tabs open to the
> same site.
>
> Personally I don't see how this couldn't be a problem. The only thing
> that'd save us is that cookies are generally not heavily used. But I
> bet there are sites out there that do use document.cookie a lot.
>
> / Jonas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090322/94106379/attachment-0001.htm>
Received on Sunday, 22 March 2009 17:14:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:47:49 GMT