Skip to content
This repository has been archived by the owner on May 3, 2022. It is now read-only.

Thoughts on sessionStorage #22

Open
Zirro opened this issue Mar 13, 2018 · 5 comments
Open

Thoughts on sessionStorage #22

Zirro opened this issue Mar 13, 2018 · 5 comments
Labels
addition A proposed new capability api A proposal for changing the API surface

Comments

@Zirro
Copy link

Zirro commented Mar 13, 2018

This proposal only covers async localStorage at the moment, leaving its less common sibling sessionStorage unmentioned. Nevertheless I occasionally see those who recommend using it for handling temporary data.

I'm curious where you stand on this. Could you see it being added as part of this proposal later on? Do you think it should be a separate layered API? Or has the use case for sessionStorage proven small enough that it may not be justified at all?

@domenic
Copy link
Collaborator

domenic commented Mar 16, 2018

Somewhat similar to #21, the issue here is again that:

  • We don't think sessionStorage is being used much
  • This is somewhat confirmed by none of the existing localStorage-but-better libraries having a replacement for it
  • But, we don't have any hard data

One point worth discussing though is that I'm not sure how to build a SessionStorage replacement yourself. I.e., when do you call clear()? There's no "new session" notification I'm aware of.

@domenic domenic added api A proposal for changing the API surface addition A proposed new capability labels Mar 16, 2018
@Zirro
Copy link
Author

Zirro commented Mar 16, 2018

I agree that sessionStorage is likely seeing little use now, but this might be due to a lack of knowledge about the implications or alternatives to localStorage. With stricter privacy laws such as the GDPR coming into play and requiring more careful handling of data, this might change soon.

There's no "new session" notification I'm aware of.

The data would ideally be cleared at the end of a session rather than when a new one begins, in order to protect against someone else who has access to the machine. I recognise that this might not be possible without new low-level capabilities, though.

Alternatively, a spec like https://github.com/w3c/webappsec-clear-site-data might be able to provide a mechanism which can clear data at the end of a session (or just keeps it in memory at all times), in which case there would be no need for the storage API itself to cover it.

@Zirro
Copy link
Author

Zirro commented Mar 16, 2018

So, this would probably need whatwg/storage#11 (or w3c/IndexedDB#205, with a session-based rather than time-based option) to be resolved, for this to be possible to implement as a layered API.

I still think it would be nice to keep in mind a potential expansion of the API which could allow for this in the future, by passing an options object to the StorageArea constructor or a third argument to set(), for example. But otherwise - if the low-level capabilities for this just aren't there now - there might not be much left to discuss here at the moment.

@Krinkle
Copy link

Krinkle commented Mar 17, 2018

Wikipedia's abstraction around Web Storage does support both sessionStorage and localStorage.
And we use these a fair bit (wm/codesearch, gh/codesearch).

https://doc.wikimedia.org/mediawiki-core/REL1_30/js/#!/api/mw.storage
https://doc.wikimedia.org/mediawiki-core/REL1_30/js/#!/api/mw.storage.session
https://doc.wikimedia.org/mediawiki-core/REL1_30/js/#!/api/mw.SafeStorage

Source code: https://github.com/wikimedia/mediawiki/blob/1.30.0/resources/src/mediawiki/mediawiki.storage.js

@developit
Copy link

Just wanted to drop an idea here that came to me in another discussion about sessionStorage and a possible analog within async-local-storage

  • Export a sessionStorage analog as a second instance of StorageArea like we do with storage.
  • Expose a { session: true } option to the StorageArea constructor.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
addition A proposed new capability api A proposal for changing the API surface
Projects
None yet
Development

No branches or pull requests

4 participants