HTML5 - Can Session storage / local storage be disabled and Cookies enabled?
Technically speaking, cookies and the Web Storage API are different things, but a common user probably does not know the difference, nor need to. A common user has, however, heard about security concerns with cookies. He may also have heard advice to regularly clear cookies or disable them altogether. And so, a common user expects a function that says "Disable Cookies", but actually means "Don't let websites persist data on my computer".
I believe that is why most browsers continue to provide the familiar function of disabling "Cookies", but of course do more than that under the hood in order to fulfill what they think is the actual user intent.
For now, the behaviour is browser-dependent. Disabling cookies on each of these browsers disable the following:
- Chrome: cookies, localStorage, sessionStorage, IndexedDB
- Firefox: cookies, localStorage, sessionStorage
- IE: cookies only
I do think that for the sake of precision and flexibility, browser vendors should tweak their implementation to have a basic option "Don't let websites store data on this computer" which disables cookies and all persistent storage mechanisms, as well as "Advanced Settings" functionality to individually disable various storage mechanisms.
All I've been able to find is § 6.1 of the W3C Web Storage Specification:
Treating persistent storage as cookies
If users attempt to protect their privacy by clearing cookies without also clearing data stored in the local storage area, sites can defeat those attempts by using the two features as redundant backup for each other. User agents should present the interfaces for clearing these in a way that helps users to understand this possibility and enables them to delete data in all persistent storage features simultaneously.
Browsers "should" enable simultaneous deletion, but there's no recommendation on separate toggles for local storage and cookies.
That said, in IE 11, I'm able to disable DOM storage but enable cookies. Conversely, disabling cookies has no effect on DOM storage. In FF & Chrome latest, disabling cookies seems to also disable DOM storage.
If you disable the cookie , then local storage will not work. I Just tried out .
Try the following steps , to check it out
Google Chrome
step 1 :
Select the Chrome menu icon Chrome menu.
Select Settings.
Near the bottom of the page, select Show advanced settings.
In the "Privacy" section, select Content settings.
Select Block sites from setting any data.
Select Done.
Step 2 : Open browser console and type localstorage.name="test". This will throw below error
Uncaught DOMException: Failed to read the 'localStorage' property from 'Window': Access is denied for this document.
at Error (native)
at <anonymous>:2:1
at Object.InjectedScript._evaluateOn (<anonymous>:895:140)
at Object.InjectedScript._evaluateAndWrap (<anonymous>:828:34)
at Object.InjectedScript.evaluate (<anonymous>:694:21)
Step 3 : now enable cookie and try it out . Local Storage will work
FireFox:
The same I tested in Firefox and it works the same way .
Try the steps below:
Step 1:
Click the menu button New Fx Menu and choose Options.
Select the Privacy panel.
Set Firefox will: to Use custom settings for history.
Now disable accept cookies from site
Step 2:
Open browser console and try localstorage.name="test" . This will fail as below
SecurityError: The operation is insecure.
Step 3:
Now enable cookie and try it will work.
So without cookies enabled localstorage will not work on chrome and firefox.