Limitiations of AP.cookie

Hey there :wave: ,

We are currently in the progress of migrating from using Window.localStorage - Web APIs | MDN to AP.cookie , as using window.localStorage on Cloud seems to be problematic regarding 3rd party cookies, when we realized some flaws / limitations with using AP.cookie (see below). I was wondering if there are any plans of addressing those issues, as AP.cookie seems to be the only way to store information in the browser with 3rd party cookies disabled.

The concrete issues we see are coming from the fact that the information of all Connect Apps is stored on a single cookie ( AJS.conglomerate.cookie ), rather then different cookies for each app. This leads to multiple issues:

  1. Using AP.cookie.save , the storage duration of this master-cookie can be selected. However, this makes it possible to delete the information stored by other apps by just using AP.cookie.save('', 0) (or any other custom amount that is shorter then needed by other apps).
  2. Furthermore, as cookies have a maximum storage limit of 4096 bytes, AP.cookie.save just stops working when (potentially other apps) exceed this limit, not even throwing an exception.
  3. The space limit is also quite small in general, as those 4096 bytes also contain the keys of the stored data.
  4. Minor: Why does the data of apps need to be sent to the Atlassian Servers at all?

Is there any chance we can get a similar API that works on the basis of localStorage ? This would effectively remove all the issues we currently face with AP.cookie .

Cheers,

Fabian

7 Likes

@FabianSiegel1 what are the particular problems you are having with window.localStorage ?

@david Users can disable third party cookies in chrome (Settings β†’ Privacy and Security β†’ Cookies and other site data β†’ Block third party cookies). If third party cookies are disabled this way and the user never visited the page outside of an iframe, window.localStorage won’t work (throws an exception: Uncaught DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.).

2 Likes

I have just tried this out, and it seems that now a cookie saved with AP.cookie is in fact being saved as a separate localStorage item, not as a cookie anymore.

Also, the new saveLocalStorage and readLocalStorage methods have appeared in the documentation, although it is not documented how exactly it works.