- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 6 Dec 2013 19:04:57 +0000 (UTC)
- To: Kyle Simpson <getify@gmail.com>, David Bruant <bruant.d@gmail.com>
- Cc: "whatwg@whatwg.org" <whatwg@whatwg.org>
On Thu, 31 Oct 2013, Kyle Simpson wrote: > > Session cookies are preserved at the browser-level, which means they are > kept around for the lifetime of the browser instance. sessionStorage, > OTOH, is kept only for the lifetime of the tab. In many respects, this > makes sessionStorage more desirable for session-based tracking. > > 2. As a consequence of #1, the most pertinent difference is > sessionStorage based session-IDs being attached to an individual tab > rather than the browser. This means if I open up two tabs to the same > site, and I use session cookies, then both tabs share the same session > (can be useful or can be very annoying). > > But with a sessionStorage based approach, the two tabs have two entirely > separate sessions and operate independently. They can share storage > through localStorage, if so desired, and even communicate with > StorageEvents. But they can be separate if they want by relying on > sessionStorage. > > In particular, #2 is a big win (IMO) for session-based architecture (as > well as UX) and I often now design my systems with this particular > behavior intentionally relied upon. I've filed this bug to track this problem: https://www.w3.org/Bugs/Public/show_bug.cgi?id=24024 If any implementors want to implement this and thus would like this specced, please do comment on the bug. Cheers, -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 6 December 2013 19:05:22 UTC