[Webkit-unassigned] [Bug 157010] QuotaExceededError when saving to localStorage in private mode - leaks users browsing preference

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 28 09:48:12 PDT 2016


--- Comment #11 from Brady Eidson <beidson at apple.com> ---
(In reply to comment #7)
> Also, re:permanent storage. From the page author's point of view, they can
> only judge permanence of storage per user, which they can alternatively
> track via cookies. So, resetting localStorage when cookies are reset (as
> when they close private mode) makes sense.

We thought about this very carefully when we implemented localStorage for the browser before anybody but the Gears plugin

Cookies are a completely different class of storage from localStorage.

Browsers are allowed to make all cookies session cookies, ditch cookies in FIFO order to make room for new ones, ditch big cookies first, ditch cookies in any arbitrary order, decide not to store a cookie "just because it looks weird", etc etc, and still match the spirit of the spec.

LocalStorage was meant to be durable.

All of this said, it's a shame that none of the other browsers considered this the same way.

Note, I'm not *defending* how our behavior reveals private browsing state. Of course that's terrible.

I am lamenting that nobody worked together to try to come up with something better.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160428/b172bc23/attachment.html>

More information about the webkit-unassigned mailing list