| ▲ | emn13 5 days ago | |||||||||||||||||||||||||
However, potentially a localStorage (and sessionStorage!) compatible cookie-replacement api might allow for annotating keys with secure and/or HttpOnly bits? Keeping cookies and localStorage in sync is a hassle anyhow when necessary, so having the apis align a little better would be nice. Not to mention that that would have the advantage of partially heading off an inevitable criticism - that users don't want yet another tracking mechanism. After all, we already have localStorage and sessionStorage, and they're server-readable too now, just indirectly. On the other hand; the size constraints on storage will be less severe than those on tags in each http request, so perhaps this is being overly clever with risks of accidentally huge payloads suddenly being sent along with each request. | ||||||||||||||||||||||||||
| ▲ | xp84 5 days ago | parent | next [-] | |||||||||||||||||||||||||
I think if I were implementing a webapp from scratch today I'd use one single Session ID cookie, store sessions in Redis (etc) indefinitely (they really aren't that big), and for things meant to be stored/accessed on the frontend (e.g. "has dismissed some dumb popup") just use local storage. Dealing with anything to do with cookies is indeed incredibly painful. | ||||||||||||||||||||||||||
| ▲ | mdaniel 5 days ago | parent | prev [-] | |||||||||||||||||||||||||
> and they're server-readable too now, just indirectly. Could you point me to more reading about this? It's the first time I've heard of it | ||||||||||||||||||||||||||
| ||||||||||||||||||||||||||