- From: Jens Alfke <snej@google.com>
- Date: Mon, 31 Aug 2009 11:50:57 -0700
On Aug 31, 2009, at 11:35 AM, Peter Kasting wrote: > Again, the spec now says in 4.3: "User agents should expire data > from the local storage areas only for security reasons or when > requested to do so by the user." The only stronger statement you > could get would be by changing this to a "must". It's not clear to > me that that is going to result in any practical difference on the > part of implementations or author perception. If you combine that statement with section 6.1's "User agents should present the persistent storage feature to the user in a way that does not distinguish them from HTTP session cookies", then the result is that, when the user requests to delete cookies from a site, the UA will also delete that site's local storage. That is exactly the behavior I am concerned about. > This sounds like you are either completely ignoring, or disagreeing > with, my claim that UAs aren't going to be flippant about this data. If UA's shouldn't treat the data lightly, then I would prefer to see a statement to that effect in the spec, such as the one that was just deleted. Local storage is a significant change from the browser's current data model, and I think that (no offense) browser developers are not used to taking care of user-critical data for longer than the duration of a DOM tree or POST request. It's a change in perspective. Coming as I do from a client-software world, it's actually an eye-opener to me that this is even controversial. ?Jens -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090831/bf687e40/attachment.htm>
Received on Monday, 31 August 2009 11:50:57 UTC