Thoughts on sessionStorage

Question

Thoughts on sessionStorage

Zirro opened this issue 7 years ago · 5 comments

This proposal only covers async localStorage at the moment, leaving its less common sibling sessionStorage unmentioned. Nevertheless I occasionally see those who recommend using it for handling temporary data.

I'm curious where you stand on this. Could you see it being added as part of this proposal later on? Do you think it should be a separate layered API? Or has the use case for sessionStorage proven small enough that it may not be justified at all?

Answer 1 · 2018-03-16T07:40:58.000Z

Somewhat similar to #21, the issue here is again that:

We don't think sessionStorage is being used much
This is somewhat confirmed by none of the existing localStorage-but-better libraries having a replacement for it
But, we don't have any hard data

One point worth discussing though is that I'm not sure how to build a SessionStorage replacement yourself. I.e., when do you call clear()? There's no "new session" notification I'm aware of.

Answer 2 · 2018-03-16T14:21:35.000Z

I agree that sessionStorage is likely seeing little use now, but this might be due to a lack of knowledge about the implications or alternatives to localStorage. With stricter privacy laws such as the GDPR coming into play and requiring more careful handling of data, this might change soon.

There's no "new session" notification I'm aware of.

The data would ideally be cleared at the end of a session rather than when a new one begins, in order to protect against someone else who has access to the machine. I recognise that this might not be possible without new low-level capabilities, though.

Alternatively, a spec like https://github.com/w3c/webappsec-clear-site-data might be able to provide a mechanism which can clear data at the end of a session (or just keeps it in memory at all times), in which case there would be no need for the storage API itself to cover it.

Answer 3 · 2018-03-16T20:25:59.000Z

So, this would probably need whatwg/storage#11 (or w3c/IndexedDB#205, with a session-based rather than time-based option) to be resolved, for this to be possible to implement as a layered API.

I still think it would be nice to keep in mind a potential expansion of the API which could allow for this in the future, by passing an options object to the StorageArea constructor or a third argument to set(), for example. But otherwise - if the low-level capabilities for this just aren't there now - there might not be much left to discuss here at the moment.

Answer 4 · 2018-03-17T02:05:40.000Z

Wikipedia's abstraction around Web Storage does support both sessionStorage and localStorage.
And we use these a fair bit (wm/codesearch, gh/codesearch).

https://doc.wikimedia.org/mediawiki-core/REL1_30/js/#!/api/mw.storage
https://doc.wikimedia.org/mediawiki-core/REL1_30/js/#!/api/mw.storage.session
https://doc.wikimedia.org/mediawiki-core/REL1_30/js/#!/api/mw.SafeStorage

Source code: https://github.com/wikimedia/mediawiki/blob/1.30.0/resources/src/mediawiki/mediawiki.storage.js

Answer 5 · 2018-12-06T16:47:41.000Z

Just wanted to drop an idea here that came to me in another discussion about sessionStorage and a possible analog within async-local-storage

Export a sessionStorage analog as a second instance of StorageArea like we do with storage.
Expose a { session: true } option to the StorageArea constructor.