[twdev] proposal: replacing cookies with LocalStorage for user preferences

Mon, 10 Jan 2011 06:02:28 -0800 

I've noticed that TiddlyWiki 2.6.2 was uploaded[1] last week. While the
new persistent options are definitely a welcome step forward, user
preferences are still being saved in cookies.

We've long been aware that using cookies for this sort of thing is bad.
For example, some browsers (at this point, Chrome IIRC) don't support
cookies for file URIs. But this is also problematic for documents served
via HTTP; here's the Cookie header being sent to the server with *every*
request to TiddlySpace:

    TiddlyWiki=chkRegExpSearch:"false" chkCaseSensitiveSearch:"false"
    chkIncrementalSearch:"true" chkAnimate:"true" chkSaveBackups:"true"
    chkAutoSave:"false" chkGenerateAnRssFeed:"false"
    chkSaveEmptyTemplate:"false" chkOpenInNewWindow:"true"
    chkToggleLinks:"false" chkHttpReadOnly:"true"
    chkForceMinorUpdate:"false" chkConfirmDelete:"true"
    chkInsertTabs:"false" chkUsePreForStorage:"true"
    chkDisplayInstrumentation:"false" txtBackupFolder:""
    txtEditorFocus:"text" txtMainTab:"Recent" txtMoreTab:"moreTabAll"
    txtMaxEditRows:"30" txtFileSystemCharSet:"UTF-8" txtTheme:""
    txtUserName:"GUEST" chkPrivateMode:"false" chkBackstage:"true"
    chkViewDiffText:"true" chkViewDiffFields:"false"
    txtTiddlySpaceTab:"search";
    tiddlyweb_user="fnd:...";
    csrf_token=2011011013:...

(to be clear, the server has no use whatsoever for that TiddlyWiki
cookie - in fact, one might argue that this constitutes a potential
privacy issue)

Since we've entered the HTML5 era, I reckon we might as well use
LocalStorage[2] where available. Its API is similarly simple (key-value
pairs), and support in modern browsers is pretty good (and presumably
will only improve, also WRT to managing stored data[3]).

Implementation-wise, this should be fairly simple too (though extensive
testing would be required, as there are some quirks[4]).

Thoughts?


-- F.


[1] but not yet announced?
[2] http://diveintohtml5.org/storage.html
[3] e.g. I believe some browsers currently ignore LocalStorage when
    clearing private data
[4] http://twitter.com/FND/statuses/14970037113

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWikiDev" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/tiddlywikidev?hl=en.

Reply via email to