In an era where privacy laws like the GDPR (General Data Protection Regulation) and the EU e-Privacy Directive are reshaping how web applications handle user data, developers face a growing challenge: how to manage temporary session data without tripping over cookie consent banners or risking non-compliance. Traditional tools like cookies and localStorage often require explicit user consent in Europe, as they persist data across sessions and can be used for tracking. Enter WindowNameStore—a lightweight JavaScript class that leverages the quirky window.name property to provide a volatile, privacy-conscious alternative for temporary storage, all released under the GPL-v3 license to empower developers everywhere.
What Is WindowNameStore?
WindowNameStore is a simple, open-source JavaScript class that wraps the browser’s window.name property into an easy-to-use key-value store. Unlike cookies or sessionStorage, it’s inherently volatile: data lives only as long as the browser window or tab remains open and is wiped when the user navigates to a different domain or closes the tab. Here’s the code:
class WindowNameStore {
constructor() {
try {
const rawData = window.name || '{}'; // Default to empty object if unset
this._data = JSON.parse(rawData);
} catch (e) {
console.warn('Invalid window.name data, resetting to empty object', e);
this._data = {};
this._sync();
}
}
_sync() {
window.name = JSON.stringify(this._data);
}
get(key, defaultValue = null) {
return key in this._data ? this._data[key] : defaultValue;
}
set(key, value) {
this._data[key] = value;
this._sync();
}
clear() {
this._data = {};
this._sync();
}
delete(key) {
delete this._data[key];
this._sync();
}
}
// Usage
const store = new WindowNameStore();
store.set('userPrefs', { theme: 'dark', lang: 'en' });
console.log(store.get('userPrefs')); // { theme: 'dark', lang: 'en' }
Why WindowNameStore Shines in Privacy-Restrictive Environments
Under GDPR and the e-Privacy Directive, any mechanism that stores data on a user’s device—especially if it can be used to identify or track them—requires careful consideration. Cookies, even session cookies, often fall under scrutiny because they’re stored on disk and can persist beyond a single interaction unless explicitly configured otherwise. The e-Privacy Directive, in particular, mandates user consent for non-essential cookies, leaving developers scrambling for alternatives when they just need short-term, functional storage.
WindowNameStore sidesteps these issues entirely:
- Volatility Is Built-In: Data in window.name exists only in memory and vanishes when the window closes or the user navigates to a different domain. There’s no persistence, no disk writes—nothing for regulators to flag as a privacy risk.
- No Consent Required: Since it’s not a cookie and doesn’t track users across sessions or domains, it qualifies as a “strictly necessary” tool under most interpretations of EU law—think temporary form state or UI preferences that don’t outlive the user’s visit.
- Tab Isolation: Each tab gets its own window.name, so there’s no cross-tab leakage. Open a new tab, and it’s a clean slate—perfect for keeping data scoped to a single interaction.
- GDPR-Friendly: With no personal data stored long-term and no ability to profile users without explicit re-implementation, it aligns with GDPR’s data minimization principle.
Imagine a multi-step form on an e-commerce site. In Europe, saving progress via cookies might trigger a consent popup, while localStorage could raise eyebrows if it lingers. With WindowNameStore, you can stash the user’s input as they go, let them finish (or abandon) the form, and let the data evaporate when they close the tab—all without a single compliance headache.
In the first version of my EU e-Privacy Directive Joomla extension, I used this method to store consent state information before before consent was given. Users could decline consent, and the extension would remember that decision - without creating a cookie or using localStorage.
Use Cases in Action
- Form Progress: Store user inputs across a wizard-style checkout without hitting a server or bothering with cookies.
- UI Preferences: Save a dark mode toggle or language choice for the session, resetting on tab close.
- A/B Testing: Track variant exposure within a single visit without persistent identifiers.
- Cart Drafts: Keep items in a shopping cart until the tab closes, no consent required.
It’s not a replacement for all storage needs—window.name has a size limit (typically 2-10 MB, browser-dependent) and resets on cross-domain navigation—but for same-domain, short-lived tasks, it’s a gem.
Open Source Under GPL-v3
WindowNameStore is released under the GNU General Public License v3, a deliberate choice to make it freely available to all developers. The GPL-v3 ensures you can use, modify, and distribute this code in your projects, as long as any derivative works remain open-source under the same license. This aligns with the spirit of privacy-focused development: a tool that respects users shouldn’t be locked behind proprietary walls.
For developers in privacy-restrictive regions—or anywhere users demand transparency—this licensing means you can adopt WindowNameStore, tweak it to your needs (say, adding size checks or event triggers), and share it back with the community. It’s a collective win: you get a compliant storage option, and others benefit from your improvements.
Why Not Cookies or SessionStorage?
Cookies come with baggage—consent banners, expiration management, and a tracking stigma. SessionStorage is closer, but it’s still part of the Web Storage API, which some privacy advocates argue falls under e-Privacy rules if used beyond strict necessity. Plus, it persists across same-domain page loads in a tab, which might be more than you need. WindowNameStore is leaner, simpler, and dodges the regulatory gray areas.
Getting Started
Grab the class, drop it into your project, and start using it. Test it in your browser—most (Chrome, Firefox, Safari) handle window.name generously with megabytes of capacity. If you hit an edge case (like a corporate lockdown disabling window.name), it’ll gracefully fall back to an empty object, keeping your app humming.
In a world where privacy isn’t just a feature but a legal mandate, WindowNameStore offers a practical, open-source lifeline. It’s not flashy, but it’s effective—and that’s what counts when you’re building for users who expect both functionality and respect.
