Limitiations of AP.cookie

Hey there :wave: ,

We are currently in the progress of migrating from using Window.localStorage - Web APIs | MDN to AP.cookie , as using window.localStorage on Cloud seems to be problematic regarding 3rd party cookies, when we realized some flaws / limitations with using AP.cookie (see below). I was wondering if there are any plans of addressing those issues, as AP.cookie seems to be the only way to store information in the browser with 3rd party cookies disabled.

The concrete issues we see are coming from the fact that the information of all Connect Apps is stored on a single cookie ( AJS.conglomerate.cookie ), rather then different cookies for each app. This leads to multiple issues:

  1. Using , the storage duration of this master-cookie can be selected. However, this makes it possible to delete the information stored by other apps by just using'', 0) (or any other custom amount that is shorter then needed by other apps).
  2. Furthermore, as cookies have a maximum storage limit of 4096 bytes, just stops working when (potentially other apps) exceed this limit, not even throwing an exception.
  3. The space limit is also quite small in general, as those 4096 bytes also contain the keys of the stored data.
  4. Minor: Why does the data of apps need to be sent to the Atlassian Servers at all?

Is there any chance we can get a similar API that works on the basis of localStorage ? This would effectively remove all the issues we currently face with AP.cookie .




@FabianSiegel1 what are the particular problems you are having with window.localStorage ?

@david Users can disable third party cookies in chrome (Settings β†’ Privacy and Security β†’ Cookies and other site data β†’ Block third party cookies). If third party cookies are disabled this way and the user never visited the page outside of an iframe, window.localStorage won’t work (throws an exception: Uncaught DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.).