[encrypted-media] MediaKeySession.load() updates session state even when session is not found (#590)

xhwang-chromium has just created a new issue for https://github.com/w3c/encrypted-media:

== MediaKeySession.load() updates session state even when session is not found ==
_Created with the help of AI._

## Problem Description
The algorithm for `MediaKeySession.load()` in Section 11.2 contains a logic error where it proceeds to update the session object's internal state even if the requested session data is not found in storage.

According to the specification (Step 8):
> 8. Use the cdm to execute the following steps:
>    8.1. If there is no data stored for the sanitized session ID in the origin, resolve promise with false and abort these steps.
> ...
> 9. Queue a task to run the following steps:
>    9.1. If any of the preceding steps failed, reject promise with the appropriate [error name](https://www.w3.org/TR/encrypted-media/#error-names).
>    9.2. Set the MediaKeySession.sessionId attribute to sanitized session ID.
>    9.3. Set this object's callable value to true.
>    ...

## Discussion
When no session data is found, Step 8.1 correctly resolves the promise with false and "aborts these steps." However, in the context of nested algorithm steps, "abort these steps" can be interpreted as only aborting the sub-steps of 8 (the "Use the cdm..." block). Consequently, the algorithm proceeds to Step 9, which queues a task to update the session state.

This leads to several incorrect observable states despite the operation "failing" (returning false):
1. **sessionId is updated**: The `sessionId` attribute is set to the requested ID, even though no such session exists or was loaded.
2. **callable becomes true**: The session is marked as callable, incorrectly allowing applications to call methods like `update()` or `remove()` on a non-existent session.

This behavior is inconsistent with the intended design of `load()`, which should only populate the session object if the data is successfully retrieved.

## Suggested Fix
Clarify the flow control in Step 8.11.1 to ensure the entire algorithm is aborted. Use the phrasing established elsewhere in the specification (e.g., in `requestMediaKeySystemAccess()`):

> 8.11.1. If there is no data stored for the sanitized session ID in the origin, resolve promise with false and **abort the parallel steps of this algorithm.**

## Supporting Links
* [MediaKeySession.load() algorithm](https://www.w3.org/TR/encrypted-media/#dom-mediakeysession-load)
* [requestMediaKeySystemAccess() parallel abort pattern](https://www.w3.org/TR/encrypted-media/#dom-navigator-requestmediakeysystemaccess) (Step 7.3.3.2)


Please view or discuss this issue at https://github.com/w3c/encrypted-media/issues/590 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 5 May 2026 07:52:49 UTC
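To make the flow-control difference concrete, here is an added model of the load() algorithm's steps 8 and 9 as the issue describes them. This is constructed illustration code, not the specification's text and not a real CDM: `ModelSession`, its `storage` Map and the `abortWholeAlgorithm` flag are assumptions standing in for the CDM's per-origin store and for the two readings of "abort these steps".

```javascript
// Constructed model of MediaKeySession.load() steps 8-9 (assumed names, not spec code).
class ModelSession {
  constructor(storage) {
    this.storage = storage;   // stands in for the CDM's per-origin persistent store
    this.sessionId = "";      // MediaKeySession.sessionId starts empty
    this.callable = false;    // the internal "callable" value
  }

  // Returns the value the promise would resolve with (true/false).
  // abortWholeAlgorithm=false: "abort these steps" leaves only the step-8
  //   sub-steps, so step 9 still runs (the behaviour the issue reports).
  // abortWholeAlgorithm=true: the suggested fix, abort the whole algorithm.
  load(sanitizedSessionId, abortWholeAlgorithm) {
    // Step 8: use the cdm to execute the following steps
    let resolvedValue;
    const cdmSteps = () => {
      // 8.1: no stored data -> resolve promise with false and abort these steps
      if (!this.storage.has(sanitizedSessionId)) {
        resolvedValue = false;
        return;
      }
      // data found; later steps would resolve with true
    };
    cdmSteps();

    if (resolvedValue === false && abortWholeAlgorithm) {
      return false; // whole algorithm aborted: step 9 never queued
    }

    // Step 9: queue a task to update session state
    this.sessionId = sanitizedSessionId; // 9.2
    this.callable = true;                // 9.3
    // A promise already resolved with false stays false; otherwise resolve true.
    return resolvedValue === false ? false : true;
  }
}

// Observable outcome of a load() for a given store and reading of "abort".
function loadOutcome(storedIds, requestedId, abortWholeAlgorithm) {
  const session = new ModelSession(new Map(storedIds.map((id) => [id, {}])));
  const result = session.load(requestedId, abortWholeAlgorithm);
  return { result, sessionId: session.sessionId, callable: session.callable };
}
```

Under the sub-step-only reading, `loadOutcome([], "abc", false)` yields `result: false` but `sessionId: "abc"` and `callable: true`, which is exactly the inconsistent state the issue describes; with the whole-algorithm abort the session stays untouched.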