hixie: Allow UAs to opt out of the storage mutex and corrupt data instead of being slow. (whatwg r6368)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.5087&r2=1.5088&f=h
http://html5.org/tools/web-apps-tracker?from=6367&to=6368

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.5087
retrieving revision 1.5088
diff -u -d -r1.5087 -r1.5088
--- Overview.html 4 Aug 2011 21:29:32 -0000 1.5087
+++ Overview.html 4 Aug 2011 21:41:47 -0000 1.5088
@@ -49158,11 +49158,27 @@
   was queued; if the task was queued by or for a <a href="#concept-script" title="concept-script">script</a> then the document is the
   <a href="#script-s-document">script's document</a>.</p>
 
-  <p>A user agent is required to have one <dfn id="storage-mutex">storage
-  mutex</dfn>. This mutex is used to control access to shared state
-  like cookies. At any one point, the <a href="#storage-mutex">storage mutex</a> is
-  either free, or owned by a particular <a href="#event-loop">event loop</a> or
-  instance of the <a href="#fetch" title="fetch">fetching</a> algorithm.</p>
+  <p>A user agent may have one <dfn id="storage-mutex">storage mutex</dfn>. This mutex is
+  used to control access to shared state like cookies. At any one
+  point, the <a href="#storage-mutex">storage mutex</a> is either free, or owned by a
+  particular <a href="#event-loop">event loop</a> or instance of the <a href="#fetch" title="fetch">fetching</a> algorithm.</p>
+
+  <p>If a user agent does not implement a <a href="#storage-mutex">storage mutex</a>,
+  it is exempt from implementing the requirements that require it to
+  acquire or release it.</p>
+
+  <p class="note">User agent implementors have to make a choice
+  between two evils. On the one hand, not implementing the storage
+  mutex means that there is a risk of data corruption: a site could,
+  for instance, try to read a cookie, increment its value, then write
+  it back out, using the new value of the cookie as a unique
+  identifier for the session; if the site does this twice in two
+  different browser windows at the same time, it might end up using
+  the same "unique" identifier for both sessions, with potentially
+  disastrous effects. On the other hand, implementing the storage
+  mutex has potentially serious performance implications: whenever a
+  site uses Web Storage or cookies, all other sites that try to use
+  Web Storage or cookies are blocked until the first site finishes.</p>
 
   <p>Whenever a <a href="#concept-script" title="concept-script">script</a> calls into
   a <a href="#plugin">plugin</a>, and whenever a <a href="#plugin">plugin</a> calls into
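
Review bot: The new exemption paragraph ("it is exempt from implementing the requirements that require it to acquire or release it") makes the mutex optional, but the only statement of the consequence sits in a non-normative class="note" addressed to implementors, so authors get no warning. A page cannot tell whether the user agent it runs in has a storage mutex, so the read, increment, write-back cookie sequence described in the note can produce the same "unique" session identifier in two windows on any conforming UA. I would add an author-facing sentence next to the definition saying that read-modify-write sequences on cookies or Web Storage are not guaranteed to be atomic and must not be relied on to generate unique or session identifiers. Two wording points in the same hunk: "may have one storage mutex" no longer makes clear that a UA which implements the mutex has exactly one, and "the requirements that require it to" reads better as "the requirements to acquire or release it".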

Received on Thursday, 4 August 2011 21:42:03 UTC