present localStorage as cookie in the same UI

NEW
Unassigned

Status

()

Core
DOM
--
enhancement
8 years ago
a month ago

People

(Reporter: jonathan chetwynd, Unassigned)

Tracking

(Blocks: 2 bugs, {testcase, uiwanted})

Trunk
testcase, uiwanted
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

8 years ago
mozilla recently implemented web storage:
http://dev.w3.org/html5/webstorage/

http://dev.w3.org/html5/webstorage/#user-tracking
this specification states:
User agents should present the persistent storage feature to the user in a way
that does not distinguish them from HTTP session cookies.

however there is no 'cookie' associated with the url given when searching in
preferences/show cookies

a possibly related cookie in xml bug 506639
(Reporter)

Comment 1

8 years ago
description should read:
searching in preferences/privacy/remove individual cookies

Comment 2

8 years ago
i'm not sure i agree. and note that networking:cookies is for the underlying transport, not for any user interface (which lives in Firefox, or Camino, or SeaMonkey, or ...)

my camino privacy pane has a show cookies button which opens a sheet which has:

Website /\| Name   | Path   | Secure | Expires      | Value
with each row containing a cookie including its entire value

Assuming that localStorage can be mb's of data, i really would hate to have that in the value field.

My Firefox Privacy pane has a "remove individual cookies" link which opens a window with a tree of domains

Site                   | Cookie Name
v google.com           |
    google.com         | TZ
...

selecting a cookie in the tree shows a bunch of rows of information:

Name: TZ
Content: ...
Domain: ...
Path: ...
Send for: ...
Expires: ...

again, the whole value is shown. and again, showing mb's of data here is unlikely to make me happy.

Now, I said that networking:cookie is the wrong place for this bug, similarly dom:* is the wrong place, but the implementation of localStore lives somewhere in dom, and I want people to think about it before they send it to the various ui's to deal with. (and perhaps they already have a bug for this, since they should, as they added a privacy thing and that should have come up during their review process.)
Severity: normal → enhancement
Component: Networking: Cookies → DOM: Mozilla Extensions
OS: Mac OS X → All
QA Contact: networking.cookies → general
Hardware: PowerPC → All
Keywords: uiwanted
johnatan: we are not presenting the localStorage content to the user via the cookies UI, at least as I know the Firefox code. localStorage (globalStorage) is treated as cookies because we share quota for the storage data and cookies along for a domain and we delete the storage data along with the cookies for a domain on a user request. This is how I explain my self the spec.

Unfortunatelly, the same happens for localStorage (globalStorage) data when a domain is marked by the user as an offline web application. I filled bug 499654 for this as I don't agree with the current behavior.

If you want to change the UI then I have no opinion. However, localStorage will not be used only for cookies-like data types, I agree with timeless it may contain MBs of data, mainly the offline apps as this is the only way of local data storage at the present (we don't support any structured storage).
Assignee: nobody → honzab.moz

Updated

8 years ago
Blocks: 449981

Comment 4

7 years ago
Does this mean that a Firefox user cannot see and control html5 local stored data?

As an example, many ad networks may now use local stored data for user tracking. So even though I can delete the ad network cookie, the local stored information will still be present?

As you may know, in Chrome local storage is presented in the same context as cookies, with the same ability for the user to delete and control.

Thank you

http://www.privacychoice.org
Please ignore my comment 3, I had setup a pref that changed the standard behavior.

To explain:
- localStorage can be used for storing "localStorage cookies" that should be in all places handled as http cookies (we have flaws here)
- localStorage can be used as storage for offline web applications ; those are web sites that are enabled by user to behave as offline applications ; these stored values must not be treated as "localStorage cookies" i.e. not displayed in the cookies UI and not deleted along with cookies (this all is already implemented in the current Gecko)
Summary: present localStorage as cookie → present localStorage as cookie in the same UI
Blocks: 599724

Comment 6

7 years ago
(In reply to comment #5)
> - localStorage can be used for storing "localStorage cookies" that should be in
> all places handled as http cookies (we have flaws here)
> - localStorage can be used as storage for offline web applications ;

How do you know whether a given localStorage object is a cookie or an offline "application storage"?
(In reply to comment #6)
> How do you know whether a given localStorage object is a cookie or an offline
> "application storage"?

You can give a domain an "offline application permission".  Then localStorage accessed by such a domain (i.e. by all origins that use that domain) behaves as an offline application storage.

To turn a web page to an "offline application", let it define the "manifest" attribute in the <html> opening tag.  You will find more about defining manifests in the HTML5 spec.
(Assignee)

Updated

4 years ago
Component: DOM: Mozilla Extensions → DOM
Product: Core → Core
Assignee: honzab.moz → nobody
See Also: → bug 1309118
You need to log in before you can comment on or make changes to this bug.