Re: [ServiceWorker] Add cookie accessor/setter methods? (#707)

In a Worker I can write a 10 minute polyfill for all APIs described in this
thread by sending a message to the owning document. There is no comparable
polyfill for SWs.

As of now cookies are the only mechanism that allow for cross sub domain
login state propagation and they are used for this use case with little
alternative on the horizon. When a SW is offline there is currently no good
way for it to find out whether the stored offline content still belongs to
the session the user is logged into.

E.g. you lock into foo.slack.com as user X. At the end of the session you
go to slack.com and logout. Now the next person goes to this internet cafe
work station and goes to foo.slack.com – they should not see stored offline
content for user X. For all hosts that have N sub domains governed by a
single login session (which is at least true for all big online properties)
there is currently no scalable way to get rid of SWs on all those sub
domains on central logout.

Comparing a cookie value stored in IndexedDB to the actual cookie value is
a straight forward way to discard a cache with a few lines of code that has
high confidence to be correct and is not subject to questionable timing
(such as opening N iframes that spawn M > N SWs to delete themselves).

On Tue, Jun 9, 2015 at 10:12 PM Anne van Kesteren <notifications@github.com>
wrote:

> Alternately we can just say that cookies are stupid and putting lipstick
> on that pig is not a good idea.
>
> Given that we so far did not introduce them in workers I think that might
> be okay. Just use cookies as synchronization token, and that's it...
>
> —
> Reply to this email directly or view it on GitHub
> <https://github.com/slightlyoff/ServiceWorker/issues/707#issuecomment-110591459>
> .
>


---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/707#issuecomment-110756116

Received on Wednesday, 10 June 2015 13:37:46 UTC