On Nov 5, 2012, at 6:15 AM, Tobie Langel <to...@fb.com> wrote:

> It seems there would/could be value in determining precisely what a
> session is

I'm not sure we'd be interested in strictly defining what a session is in spec.
A "session" - while having spec ramifications - seems very much to be a 
user-level feature with a lot of flexibility in differentiation between user 
agents.

WebStorage gives a minimal definition of session lifetime that I've grown fond 
of:  "The lifetime of a top-level browsing context (which) can be unrelated to 
the lifetime of the actual user agent process itself, as the user agent may 
support resuming sessions after a restart."

I'd not be averse to giving a more fleshed out definition of what happens to 
session-ey technologies when a session's lifetime is over but further defining 
requirements for session lifetime should be done with great care.

> And/or coming up with an API to allow application developers
> to close sessions on a per origin basis and benefit from related
> security/privacy guarantees (wiping-out session storage, cookies, etc.).

Sites can already clean up individual session-ey nuggets on a case-by-case 
basis.

I'm not sure I like the idea of giving them the nuclear option as they'll just 
start using that liberally instead of thinking things through.  This could 
cause excess I/O and/or lock contention where such semantics are defined.

Thanks,
~Brady

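The case-by-case cleanup mentioned in the message, sketched as an added example (not code from the thread or from any spec). The key names, cookie names and the `endSession` helper are hypothetical; an application would list its own.

```javascript
// Added example: per-item session cleanup at logout, without a "wipe everything" API.
// SESSION_KEYS and SESSION_COOKIES are hypothetical names chosen for illustration.
const SESSION_KEYS = ["draft", "csrfToken"];
const SESSION_COOKIES = [
  { name: "sid", path: "/" },
  { name: "prefs_tmp", path: "/app" },
];

// Remove only the listed sessionStorage entries; unrelated keys are left alone.
function clearSessionKeys(storage, keys) {
  const removed = [];
  for (const key of keys) {
    if (storage.getItem(key) !== null) {
      storage.removeItem(key);
      removed.push(key);
    }
  }
  return removed;
}

// Build the document.cookie assignments that expire each script-visible cookie.
// Path (and Domain, if one was set) must match the cookie being expired.
// HttpOnly cookies are invisible to script: the server has to expire those
// itself with a Set-Cookie response header.
function expiryStrings(cookies) {
  return cookies.map(({ name, path, domain }) =>
    `${name}=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=${path}` +
    (domain ? `; Domain=${domain}` : ""));
}

// storage: a Storage-like object; doc: an object with a settable `cookie`.
function endSession(storage, doc) {
  const removed = clearSessionKeys(storage, SESSION_KEYS);
  const expired = expiryStrings(SESSION_COOKIES);
  for (const assignment of expired) doc.cookie = assignment;
  return { removed, expired };
}

// In a browser: endSession(window.sessionStorage, document);
```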