- From: Bil Corry <bil@corry.biz>
- Date: Fri, 12 Dec 2008 17:30:05 -0600
Ian Hickson wrote on 12/12/2008 5:11 PM: > On Fri, 12 Dec 2008, Bil Corry wrote: >>> Why do session cookies not address this already? >> They do to some extent. You can choose to make the session life >> shorter, increasing security but potentially logging the user out before >> they're ready OR you can choose to make the session life longer, >> decreasing security but allowing the user more time. > > I don't mean short cookie times, I mean literally session cookies, that > expire at the end of the session. But don't they persist until the entire browser is closed? They'd be perfect if they were removed once all tabs/windows to the site were closed. > sessionStorage (from HTML5) might also help with this; it's limited to > the lifetime of the tab that it was used in. That could work too. >> Or maybe it'd be better if non-persistent cookies are removed once the >> user no longer has an open tab to the site, instead of using a >> JavaScript-based solution. > > This could be done now; I recommend bringing this up with browser vendors > as a feature request. Thanks, it may be something to pursue. - Bil
Received on Friday, 12 December 2008 15:30:05 UTC