- From: Jonas Sicking <jonas@sicking.cc>
- Date: Mon, 25 Aug 2014 17:00:43 -0700
- To: Mark Watson <watsonm@netflix.com>
- Cc: Marco Chen <mchen@mozilla.com>, Francois Daoust <fd@w3.org>, "mark a. foltz" <mfoltz@google.com>, Evelyn Hung <ehung@mozilla.com>, John Mellor <johnme@google.com>, "public-webscreens@w3.org" <public-webscreens@w3.org>, Anton Vayvod <avayvod@google.com>, Wesley Johnston <wjohnston@mozilla.com>
On Mon, Aug 25, 2014 at 10:09 AM, Mark Watson <watsonm@netflix.com> wrote: > Let's forget about apps and TVs and just consider regular UAs (one or two of > them): All I am saying is that if the presenting page stores something in > IndexedDB, then next time that same presenting page is loaded on the same UA > it should be able to retrieve the stuff it stored in IndexedDB, unless the > user has cleared it, of course. It had been proposed that IndexedDB is > *always* cleared before a presenting page loads, and that's what I'm > reacting to. > > As far as the controlling and presenting pages are concerned, they should > not be able to distinguish the 1-UA and the 2-UA cases. > > I believe a consequence of this on UAs that support rendering both the > presenting and controlling pages (i.e. a UA that supports the 1-UA case or a > UA that supports both presenting and controlling sides of the 2-UA case) is > that IndexedDB needs to be scoped not just by origin but by the pair ( > origin, presenting | controlling ). I'm fine with allowing the presentation page to persist data across restarts. I don't think that we can mandate it because UAs need to be free to toss out data at will due to security/privacy/storage policies. Another issue is that UAs need to take care not to expose wrong user data. If for example I used the presentation API to look at my facebook feed on a TV, and then my room mate the next day uses his laptop to do the same thing, I think both him and I would be disappointed if the TV showed a jumble of his and my facebook data. We could certainly say that it's the website's responsibility to make sure to clear or separate any stored data if a different user connects. And that if it doesn't do so it's a bug in the website. But I think that would result in a lot of buggy websites. It seems like a reasonable UA policy to make sure that if a new session is established with a different identifier (as pass to requestSession) that data previously created is not used. If this means that the data is deleted, or if the UA keys its storage on not just origin but also on session identifier, seems like a UA decision. / Jonas
Received on Tuesday, 26 August 2014 00:01:41 UTC