- From: Drew Wilson <atwilson@google.com>
- Date: Sun, 22 Mar 2009 17:14:40 -0700
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: whatwg@whatwg.org, Discussion of E and other capability languages <e-lang@mail.eros-os.org>, Google Caja Discuss <google-caja-discuss@googlegroups.com>, ServerJS <serverjs@googlegroups.com>, public-html-comments@w3.org
- Message-ID: <f965ae410903221714l2316fc1du85f4a330f84cb54c@mail.gmail.com>
FWIW, I wrote my tests using IE7, not IE8. The original argument I was countering was "browsers currently enforce synchronous access to cookies, so we can't add asynchronous access via workers because that will break existing sites". Clearly, this argument was incorrect, since the core assumption about current browser behavior was wrong - in point of fact, the majority of browsers in use today make no such guarantees. So giving workers access to document.cookies is compatible both with the current language in the spec *and* the current behavior of the majority of browser implementations. That said, if we don't think this behavior is acceptable (and there are good arguments against it), then we should change the spec for cookies to disallow it. -atw On Sat, Mar 21, 2009 at 2:13 PM, Jonas Sicking <jonas@sicking.cc> wrote: > On Fri, Mar 20, 2009 at 3:29 PM, Ian Hickson <ian@hixie.ch> wrote: > > On Sat, 7 Mar 2009, Jonas Sicking wrote: > >> > >> document.cookies can't change in the middle of an execution. I.e. a > >> script like: > >> > >> a = document.cookie; > >> b = document.cookie; > >> alert(a === b); > >> > >> will always show 'true'. > > > > On Mon, 9 Mar 2009, Drew Wilson wrote: > >> > >> Following up on this. I created two pages, one that tests cookies in a > >> loop, and one that sets cookies in a loop, and ran them in separate > >> windows in Firefox 3, IE7, and Chrome. > >> > >> Chrome and IE7 currently allow concurrent modification of > >> document.cookies (i.e. the test loop throws up an alert). Firefox does > >> not. > > > > I do not think there is a problem with providing self.cookie in workers, > > exposing the cookie of the script. However, currently there doesn't seem > > to be much support for this. > > > > What do other browser vendors think of this? > > > > Jonas, given the above information regarding IE's behaviour, do you still > > think that providing such an API in workers is a problem? > > It's the vendors that have exposed their users to this inconsistency > that you should ask. Or maybe sites that use document.cookie a lot and > that have a lot of chrome or IE8 users. Though both of those browsers > might be too new to have received a lot of feedback regarding this. > Note that this is only really a problem on sites that modifies > document.cookie a lot, and where users have multiple tabs open to the > same site. > > Personally I don't see how this couldn't be a problem. The only thing > that'd save us is that cookies are generally not heavily used. But I > bet there are sites out there that do use document.cookie a lot. > > / Jonas >
Received on Monday, 23 March 2009 07:37:34 UTC