[Webkit-unassigned] [Bug 168631] New: Non-persistent third party iframe localStorage

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=168631

            Bug ID: 168631
           Summary: Non-persistent third party iframe localStorage
    Classification: Unclassified
           Product: WebKit
           Version: Safari 10
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: malteubl at google.com

Safari behaves differently for localStorage accessed in third party context compared to other browsers in 2 fundamental ways:

1. Storage is scoped to the entire chain of iframes.
2. Storage is non-persistent. Data is deleted when browsers exit.

#1 seems great and working as intended, but while talking with John Wilander on Twitter we were wondering if #2 might be a bug. (https://twitter.com/johnwilander/status/833462485592125441)

Here is a simple test case http://output.jsbin.com/siwulo/1/quiet

- Press +1 a few times
- Hit reload. Observe that count is kept.
- Restart Safari (Desktop or iOS)
- Load page again. Observe that count is 0 again.

Is this behavior intended? On Desktop where Safari may be running for many months and on mobile where it is very unpredictable when it restarts, this seems unpredictable with little actual privacy benefit.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170221/bf273bb9/attachment.html>