For most modern browsers, is it possible to have session or local storage disabled while cookies are enabled? Or does the disabling of cookies also, automatically, disable the use of session / local storage?
Can Session storage / local storage be disabled and Cookies enabled?
Asked Answered
I'm not following what you are trying to do? What is your use case? Why do you want to turn off storage in browser when using cookies? One does not interfere with the other. –
Prelate
@MagnusKarlsson - My question is clear and I didn't say I was trying to do anything. I am simply asking about the relationship between a user disablling cookies and, whether by doing so, session or local storage disabled too. –
Gelatinize
Well not that clear since your comment actually clarified what you are asking for. And my question was to know if you had any special use case which could be solved with Chromium or other browsers, but I guess not then. –
Prelate
All I've been able to find is § 6.1 of the W3C Web Storage Specification:
Treating persistent storage as cookies
If users attempt to protect their privacy by clearing cookies without also clearing data stored in the local storage area, sites can defeat those attempts by using the two features as redundant backup for each other. User agents should present the interfaces for clearing these in a way that helps users to understand this possibility and enables them to delete data in all persistent storage features simultaneously.
Browsers "should" enable simultaneous deletion, but there's no recommendation on separate toggles for local storage and cookies.
That said, in IE 11, I'm able to disable DOM storage but enable cookies. Conversely, disabling cookies has no effect on DOM storage. In FF & Chrome latest, disabling cookies seems to also disable DOM storage.
Technically speaking, cookies and the Web Storage API are different things, but a common user probably does not know the difference, nor need to. A common user has, however, heard about security concerns with cookies. He may also have heard advice to regularly clear cookies or disable them altogether. And so, a common user expects a function that says "Disable Cookies", but actually means "Don't let websites persist data on my computer".
I believe that is why most browsers continue to provide the familiar function of disabling "Cookies", but of course do more than that under the hood in order to fulfill what they think is the actual user intent.
For now, the behaviour is browser-dependent. Disabling cookies on each of these browsers disable the following:
- Chrome: cookies, localStorage, sessionStorage, IndexedDB
- Firefox: cookies, localStorage, sessionStorage
- IE: cookies only
I do think that for the sake of precision and flexibility, browser vendors should tweak their implementation to have a basic option "Don't let websites store data on this computer" which disables cookies and all persistent storage mechanisms, as well as "Advanced Settings" functionality to individually disable various storage mechanisms.
Hi, thanks for your info. by the way, where do you find the behavior of each browser accordingly? –
Bainmarie
All I've been able to find is § 6.1 of the W3C Web Storage Specification:
Treating persistent storage as cookies
If users attempt to protect their privacy by clearing cookies without also clearing data stored in the local storage area, sites can defeat those attempts by using the two features as redundant backup for each other. User agents should present the interfaces for clearing these in a way that helps users to understand this possibility and enables them to delete data in all persistent storage features simultaneously.
Browsers "should" enable simultaneous deletion, but there's no recommendation on separate toggles for local storage and cookies.
That said, in IE 11, I'm able to disable DOM storage but enable cookies. Conversely, disabling cookies has no effect on DOM storage. In FF & Chrome latest, disabling cookies seems to also disable DOM storage.
If you disable the cookie , then local storage will not work. I Just tried out .
Try the following steps , to check it out
Google Chrome
step 1 :
Select the Chrome menu icon Chrome menu.
Select Settings.
Near the bottom of the page, select Show advanced settings.
In the "Privacy" section, select Content settings.
Select Block sites from setting any data.
Select Done.
Step 2 : Open browser console and type localstorage.name="test". This will throw below error
Uncaught DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.
at Error (native)
at <anonymous>:2:1
at Object.InjectedScript._evaluateOn (<anonymous>:895:140)
at Object.InjectedScript._evaluateAndWrap (<anonymous>:828:34)
at Object.InjectedScript.evaluate (<anonymous>:694:21)
Step 3 : now enable cookie and try it out . Local Storage will work
FireFox:
The same I tested in Firefox and it works the same way .
Try the steps below:
Step 1:
Click the menu button New Fx Menu and choose Options.
Select the Privacy panel.
Set Firefox will: to Use custom settings for history.
Now disable accept cookies from site
Step 2:
Open browser console and try localstorage.name="test" . This will fail as below
SecurityError: The operation is insecure.
Step 3:
Now enable cookie and try it will work.
So without cookies enabled localstorage will not work on chrome and firefox.
I appreciate the details for Chrome and Firefox. Unfortunately, your first sentence ("If you disable the cookie , then local storage will not work.") is true only for certain browsers. In IE, for example, disabling cookies disables only cookies: you have to separately disable local storage, deep in the advanced settings' check-box hell. –
Testimonial
Thanks bishop . But it's still difficult to consider IE as modern browser :P . So I did n't do test on that –
Lanita
© 2022 - 2024 — McMap. All rights reserved.