This is a follow-up of #31 (comment). I am just opening a new issue so that we don't keep the discussion in an unrelated one.
This is a response for @bsittler observations.
I'm glad to see this isn't the only API that tries to change the default path for Set-Cookie ๐
This has come after much push back from js-cookie team. We just conceded because it was proven with many reports over the years that the default path rules violate the Principle of Least Astonishment for developers that work with cookies.
jQuery cookie didn't changed the Path
until the version 2.0. See this issue for some reported links and context on why that decision was made.
Answering to @bsittler questions:
Also, why synchronous? Is using await ... and/or .then(...) problematic for some reason?
Not at all, it is just that I thought it might make sense to have a synchronous API for compatibility purposes. Many implementations have a similar interface and they are pretty well established in the ecosystem:
This issue sums up very well why we should refrain from creating different APIs. In the last versions, js-cookie tried to be as similar as possible to the interface of other similar implementations to be more portable.
If there's a way to fix the problems that drove the creation of this proposal with a new cookie API that fixes a multitude of other problems (like the encoding issues), then I guess we could leverage this to do that too. Although I still need to understand in details what is the problem that drove the creation of this proposal.
I don't think that being asynchronous by default even when asynchronicity is not necessary would cause any harm other than unnecessary .then
s everywhere, but that's just theoretical purity.
Are there other event handlers that need to be blocked/prevented from firing until the cookie operation completes?
Even handlers from which kind? AFAIK there's no event handler in the synchronous document.cookie
API, it is just I/O. I probably didn't understand the question.
Or is this primarily due to a desire to use it in the inner implementation of pre-existing APIs already exporting script-blocking APIs for cookie operations?
If we could build something that mimics the behavior of an API like js-cookie we could gradually make it cease to exist. There's enough evidence that the features it supports are useful in the wild.
Besides that, there's no need to implement asynchronicity for a synchronous API if there is another standard equivalent that fixes the same issues. The problem is that if the standard don't address things like encoding issues or allows encoding to be overridden for server-side compatibility (like js-cookie converters), then we would need to keep abstracting document.cookie
and the new low-level asynchronous API in a library that complements with the features lacking in the standard.
It would be awesome if we could dedicate the effort to fix the document.cookie
API. Would it make sense?