Session storage should not fallback to cookies

[blowsie]

Session storage is, by design intended for potentially private data. For this reason, it cannot be shared between tabs, or persist. And it is for this reason I think you should consider removing the cookie fallback for session storage. (or make it configurable)

[a8m]

@blowsie I agree with you. we should fix that or least make it configurable. I'll try to add this to version 0.1.6 Thanks.

[eddiemonge]

But if local is supported (like in private/incognito) then it falls back to session because that is probably supported. but if its not then falling back to cookie should be allowed because it might be the only thing available.

so a better chain would be to check to see if local was checked first. If it was then session to cookie should be acceptable. If session fell back to cookie without first having had local check then I agree cookie shouldn't be used.

[barefootdeveloper]

I made pull request #185 that allows you to force the cookie to be a secure cookie, but I got to thinking that it should be possible to use an http interceptor that would still use the cookie as a fallback storage mechanism but would prevent it from ever being sent? What do people think of that?

[weisk]

+1. I would, at the very least, give the option to NOT fallback to cookies if storage is not supported.

[tomaszkrym]

+1, due to the cookie fallback it is not possible to get synchronously the information that saving to localStorage failed (i.e. because of quota exceed).

[stevenw]

I might have to move away from this plugin because the fallback its breaking network request by exceeding 4k cookie size. Is there currently a workaround?