(In reply to Chris Peterson [:cpeterson] from comment #9)
(In reply to Andrei Lazar from comment #8)
I thought on desktop it's easier to differentiate them through the scope and I find it a bit confusing that on mobile the session scope it's more like "app session" rather than "tab session" or "normal/private" session, and I'm saying this because this is going to lead to unwanted behaviors, something like setting a permission in private mode (with session scope) is going to be remembered when you go back on normal mode. I don't think I can find a better approach without investing a significant amount of time. The current implementation (which got rejected) is that your choice ("allow/don't allow") is going to be forgotten as soon as you leave that specific website. How should I proceed further?
Johann, what do you recommend? Fennec does not appear to create a separate session for Private Browsing Mode, so SitePermissions.SCOPE_SESSION includes the lifetime of both PBM and normal mode tabs. Permissions allowed in a PBM "session" would still be remembered during the corresponding normal mode tabs of the same session.
That is how it works on desktop, too. It is just a limitation of how the permission manager works and I think we're generally okay with that. There are two different issues here:
- A browsing session is ended on app restart, not on private window closing (for most things, really)
- Permissions ignore origin attributes and are thus shared between private windows and normal windows
The former is hard to solve without significant investment, the latter is being worked on somewhat actively.
So, it's fine to scope for session, it's the best we can do for now.
I hope that helps :)