Contact emails
pwn...@chromium.org, jsb...@chromium.org
Spec
Explainer: https://wicg.github.io/cookie-store/explainer.html
Spec draft (mostly a placeholder right now): https://wicg.github.io/cookie-store/
Summary
The Cookie Store API exposes HTTP cookies to service workers and offers a needed asynchronous alternative to document.cookie.
Conceptually, the API consists of three components:
Query API: asynchronous replacement for the document.cookie getter
Modification API: asynchronous replacement for the document.cookie setter
Change Events API: battery-friendly replacement for polling the document.cookie getter
The Change Events API has different shapes in documents and service workers. Documents can register an event listener that receives change events for all cookies visible to the document. Service workers create more fine-grained subscriptions that filter which cookie changes dispatch change events. The main Service Worker use case we are aware of is removing private data from browser storage when the authentication state changes (Clear-Site-Data is not sufficient for sites that support multiple signed-on users).
Link to “Intent to Implement” blink-dev discussion
https://groups.google.com/a/chromium.org/d/topic/blink-dev/gU-tSdjR4rA/discussion
Note that the API is also known as the Async Cookies API.
Goals for experimentation
We want developer feedback around the API’s performance and applicability.
Are the query and modification APIs sufficient for replacing document.cookie?
Is it acceptable to dispatch all cookie change events to documents?
Are the subscriptions in the service worker change events API flexible enough?
At least one major customer inside Google wants to use this API to remove private data from browser storage when authentication data (stored in cookies) changes. At least one major customer outside Google is interested in using this API to replace document.cookie polling. We want to learn from their deployment experiences.
Experimental timeline
Start OT in M69, turn down OT in M71 and iterate if necessary.
Any risks when the experiment finishes?
This API addresses cookies, which are currently accessible via document.cookie and HTTP headers.
Ongoing technical constraints
None
Debuggability
DevTools already has great support for cookies.
Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?
Yes
Link to entry on the feature dashboard
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAP_mGKokYxBYn5X%2BoNM0VG_An2GApaXCUGFA9o5QXRX4aJLoDQ%40mail.gmail.com.