[Webkit-unassigned] [Bug 237350] Web App Added to Home Screen Cookies Deleted After 7 Days
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 8 19:29:50 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=237350
--- Comment #7 from John Wilander <wilander at apple.com> ---
(In reply to ben from comment #5)
> Ok, just confirming my understanding, the WebKit policy overrides/caps the
> expiry setting on all JS script-written cookies, no matter the domain or
> installed status of the app, to 7 days. So, if I create the auth token
> cookie from the server-side as HttpOnly and set expiry to say 28 days then
> this will be honoured?
Yes.
> Then any other client-side cookies I have I should write this data into my
> IndexedDB database or localstorage to preserve them as these storage types
> have no explicit expiry date other than the 7 day non-interaction policy. Is
> this right? Or will they be preserved beyond 7 days as long as the app is
> installed to the Home screen?
You don’t have to but you can. In shipping software, there’s no cap on the expiry of server-set first-party cookies.
However, browsers have reached consensus on a ~400-day expiry cap on all cookies. I can only assume that the ~400-cap will in some form apply to HTML storage too. None of those caps are shipping though.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220309/739e8f01/attachment.htm>
More information about the webkit-unassigned
mailing list