Open dlongley opened 2 years ago
Quoted from the other duplicate issue (#120):
It's unclear what kind of storage is available in private browsing mode across browsers. Ideally, we can remove all cookie-based storage in all cases.
For non-private browsing modes:
- First party mode: All modern browsers have IndexedDB and we should use that with a new, simple database layout vs. the legacy layout that's been used to support a variety of storage backends.
- Third party mode: Chrome is the only browser still using third party mode and it supported IndexedDB, so it should be used.
For private browsing modes:
- First party mode: Always use this mode, regardless of browser. Determine if all modern browsers support IndexedDB (whether it be backed by memory store or whatever, so long as it works as long as the same private session / window is in use).
In order to achieve backwards compatibility in the latest upgrade, we had to leave cookie based-storage in place for browsers that previously stored registrations / hints in 3rd party storage (where only cookies were available).
Now that we've completed the move from 3rd party storage to 1st party storage and have deprecated the hints and registrations API, we should move to stop using cookies entirely when the mediator loads in 1st party windows. Using
localStorage
/IndexedDB
will give us more consistent behavior across browsers and better storage and persistent support.IndexedDB
is perhaps available in all major browsers now.We should implement a new mediator upgrade that will convert existing hints / registrations in 1p cookie storage to
IndexedDB
. At the same time, we can drastically simplify ourIndexedDB
database layouts. In the past we needed to create multiple databases, one per origin, to store various hints, etc (not to mention mixinglocalStorage
+IndexedDB
support).Now that hints and registrations have been eliminated, we can simplify to a single database of the latest
credential_handler
information loaded frommanifest.json
files. The next significant mediator upgrade should have backwards compatibility code to migrate existing data to newer, cleaner database design and better storage mechanisms.