- From: Brady Eidson <beidson@apple.com>
- Date: Mon, 05 Nov 2012 09:47:27 -0800
- To: Tobie Langel <tobie@fb.com>
- Cc: Eric U <ericu@google.com>, Kinuko Yasuda <kinuko@chromium.org>, "public-webapps@w3.org WG" <public-webapps@w3.org>
On Nov 5, 2012, at 6:15 AM, Tobie Langel <tobie@fb.com> wrote: > It seems there would/could be value in determining precisely what a > session is I'm not sure we'd be interested in strictly defining what a session is in spec. A "session" - while having spec ramifications - seems very much to be a user-level feature with a lot of flexibility in differentiation between user agents. WebStorage gives a minimal definition of session lifetime that I've grown fond of: "The lifetime of a top-level browsing context (which) can be unrelated to the lifetime of the actual user agent process itself, as the user agent may support resuming sessions after a restart." I'd not be adverse to giving a more fleshed out definition of what happens to session-ey technologies when a session's lifetime is over but further defining requirements for session lifetime should be done with great care. > And/or coming up with an API to allow application developers > to close sessions on a per origin basis and benefit from related > security/privacy guarantees (wiping-out session storage, cookies, etc.). Sites can already clean up individual session-ey nuggets on a case-by-case basis. I'm not sure I like the idea of giving them the nuclear option as they'll just start using that liberally instead of thinking things through. This could cause excess i/o and/or lock contention where such semantics are defined. Thanks, ~Brady
Received on Monday, 5 November 2012 17:48:03 UTC