We are probably stuck with that, until we decide to migrate away from Meteor, which we will do eventually, but probably not in the next few months. I am curious what problems it is causing you.
I do not preserve LocalStorage outside of browser sessions. So to use the site, each time I have to first refresh it until it notices that I’m no longer logged in, and then log in again.
The arguments in that blog post have essentially no substance, because all the security problems with cookies they point to (except maybe one which doesn’t apply to LW) can be matched to analogous but less publicized problems with their method. But this seems pretty irrelevant to any actual reason for the state of things.
It would definitely be a bunch of work, since a bunch of libraries we use also use cookies. If there is a strong argument for the benefit, I would definitely consider it.
I don’t have super strong opinions on this. Meteor uses localStorage for the account system, and they explain their reasons in this blogpost: https://blog.meteor.com/why-meteor-doesnt-use-session-cookies-e988544f52c9
We are probably stuck with that, until we decide to migrate away from Meteor, which we will do eventually, but probably not in the next few months. I am curious what problems it is causing you.
I do not preserve LocalStorage outside of browser sessions. So to use the site, each time I have to first refresh it until it notices that I’m no longer logged in, and then log in again.
The arguments in that blog post have essentially no substance, because all the security problems with cookies they point to (except maybe one which doesn’t apply to LW) can be matched to analogous but less publicized problems with their method. But this seems pretty irrelevant to any actual reason for the state of things.
Would it be feasible to get consistency by using only LocalStorage and no cookie?
It would definitely be a bunch of work, since a bunch of libraries we use also use cookies. If there is a strong argument for the benefit, I would definitely consider it.