W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2009

[whatwg] Private browsing vs. Storage and Databases

From: Ian Fette <ifette@google.com>
Date: Tue, 7 Apr 2009 17:52:03 -0700
Message-ID: <bbeaa26f0904071752l7812713dic41c017965d1a1e3@mail.gmail.com>
On Tue, Apr 7, 2009 at 5:50 PM, Aryeh Gregor
<Simetrical+w3c at gmail.com<Simetrical%2Bw3c at gmail.com>
> wrote:

> On Tue, Apr 7, 2009 at 8:24 PM, Brady Eidson <beidson at apple.com> wrote:
> > 1 - Disable LocalStorage completely when private browsing is on.  Remove
> it
> > from the DOM completely.
> > 2 - Disable LocalStorage mostly when private browsing is on.  It exists
> at
> > window.localStorage, but is empty and has a 0-quota.
> > 3 - Slide a "fake" LocalStorage object in when private browsing is
> enabled.
> >  It starts empty, changes to it are successful, but it is never written
> to
> > disk.  When private browsing is disabled, all changes to the private
> > browsing proxy are thrown out.
> > 4 - Cover the real LocalStorage object with a private browsing layer.  It
> > starts with all previously stored contents.  Any changes to it are
> pretended
> > to occur, but are never written to disk.  When private browsing is
> disabled,
> > all items revert to the state they were in when private browsing was
> enabled
> > and writing changes to disk is re-enabled.
> > 5 - Treat LocalStorage as read-only when private browsing is on.  It
> exists,
> > and all previously stored contents can be retrieved.  Any attempt to
> > setItem(), removeItem(), or clear() fail.
>
> How are cookies handled right now?  Surely the issues should be pretty
> much the same?
>

In Chrome, basically like option 3. It's a new profile so it starts with no
cookies, cookies can pile up but when the session ends they go away.


>
> > Option 3 is simple to implement and option 4 would difficult to implement
> > efficiently.  Both would lead to bizarre behavior where data that the
> > application thought was saved really wasn't.
>
> I certainly can't think of how 3 could ever cause a problem.  It
> should be the same as the user just logging in from a computer they
> haven't used before, shouldn't it?
>

yes


>
> I'm not certain about 4.  What would be a concrete case where 4 would
> break, but normal use from multiple computers would not?
>
> I don't think 1, 2, or 5 are good ideas, since they make localStorage
> semi-usable at best when privacy mode is enabled.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090407/ed494250/attachment.htm>
Received on Tuesday, 7 April 2009 17:52:03 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:11 UTC