[whatwg] Persistent storage is critically flawed.

On 8/28/06, Jim Ley <jim.ley at gmail.com> wrote:
> On 28/08/06, Shannon Baker <shannon at arc.net.au> wrote:
> > I accept tracking is inevitable but we
> > shouldn't be making it easier either.
>
> You have to remember that the WHAT-WG individual is a Google employee,
> a company that now relies on accurate tracking of details, so don't be
> surprised that any proposal makes tracking easier and harder to
> circumvent.

Well, if the WHAT-WG individual wasn't a Google employee, but an
employee from Microsoft or Mozilla or Opera or any random government,
would that change the above text? I don't think so. So I don't think
that text is implying much, other than that there aren't very many
'neutral' organizations involved in writing specifications for the
web.

> It's probably a design requirement, of course like all WHAT-WG stuff,
> there is no explanation of the problems that are attempting to be
> solved with any of the stuff, so it's impossible to really know.

From:
http://www.whatwg.org/specs/web-apps/current-work/#introduction2
"
The first is designed for scenarios where the user is carrying out a
single transaction, but could be carrying out multiple transactions in
different windows at the same time.

Cookies don't really handle this case well. For example, a user could
be buying plane tickets in two different windows, using the same site.
If the site used cookies to keep track of which ticket the user was
buying, then as the user clicked from page to page in both windows,
the ticket currently being purchased would "leak" from one window to
the other, potentially causing the user to buy two tickets for the
same flight without really noticing.
"

and:
"
The second storage mechanism is designed for storage that spans
multiple windows, and lasts beyond the current session. In particular,
Web applications may wish to store megabytes of user data, such as
entire user-authored documents or a user's mailbox, on the clientside
for performance reasons.

Again, cookies do not handle this case well, because they are
transmitted with every request.
"

Those seem to me to be two use cases of problems that are attempting to be
solved, no?

Regards,
Martijn

> Jim.
>

Received on Monday, 28 August 2006 04:31:46 UTC
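
The two cases quoted from the spec introduction in the message above, as an added example that is not part of the original thread or of the spec: a constructed model in which a Map stands in for the site's cookie jar and for each storage area. The class, function names, flight codes and draft size are all assumptions made for illustration.

```javascript
// Constructed model of the two cases quoted from the spec introduction.
// Not browser code: a Map stands in for the site's cookie jar and for each
// storage area; all names and flight codes are made up.
class Browser {
  constructor() {
    this.cookieJar = new Map(); // one jar per site, shared by every window
    this.localArea = new Map(); // second mechanism: shared, but never sent
    this.uploaded = 0;          // characters of Cookie header sent so far
  }
  openWindow() {
    return { sessionArea: new Map() }; // first mechanism: one area per window
  }
  // Every request to the site carries the whole jar in its Cookie header.
  request() {
    const header = [...this.cookieJar].map(([k, v]) => `${k}=${v}`).join('; ');
    this.uploaded += header.length;
    return header;
  }
}

// Case 1: two windows pick different flights, then each completes checkout.
function ticketScenario() {
  const browser = new Browser();
  const a = browser.openWindow();
  const b = browser.openWindow();
  for (const [win, flight] of [[a, 'AMS-SYD'], [b, 'AMS-LHR']]) {
    browser.cookieJar.set('ticket', flight); // cookie-based site
    win.sessionArea.set('ticket', flight);   // per-window storage
  }
  const bought = (read) => [a, b].map(read);
  return {
    cookie: bought(() => browser.cookieJar.get('ticket')),
    session: bought((win) => win.sessionArea.get('ticket')),
  };
}

// Case 2: a 2000-character draft kept client-side across ten page loads.
function draftScenario(useCookie) {
  const browser = new Browser();
  const draft = 'x'.repeat(2000);
  if (useCookie) browser.cookieJar.set('draft', draft);
  else browser.localArea.set('draft', draft);
  for (let i = 0; i < 10; i++) browser.request();
  return browser.uploaded;
}
```

In the cookie variant both windows end up purchasing the flight chosen last, and the draft is re-sent on every request; the per-window and non-transmitted storage areas avoid both effects.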