by kevincox 1107 days ago
> When a user adds a website to their Dock, Safari will copy the website’s cookies to the web app. That way, if someone is logged into their account in Safari, they will remain logged in within the web app. This will only work if the authentication state is stored within cookies. Safari does not copy over any other kind of local storage. After a user adds a web app to the Dock, no other website data is shared, which is great for privacy.

This seems like a strange decision.

1. Auth with local storage can be quite nice if you don't need to send the cookies to the server on every request.

2. This will lead to different login states in the browser and in the "app" which is not what I would expect and can be inconvenient if you open links to that website.

3 comments

> Auth with local storage can be quite nice

With the `SameSite=strict` option on modern browsers and the `HttpOnly` option (plus `Secure` to only run in an SSL-secured context), cookies are more secure and the way to go instead of storing credentials anywhere accessible from within JavaScript. Before SameSite=strict, cookies were a security nightmare and often resulted in XSRF attacks, and required XSRF mitigations (like XSRF tokens), but this is no longer the case as all modern browsers support it.

Wish they would do this on iOS (and allow a custom install button). They recently removed shared Caches between service workers in Safari and the PWA on iOS, requiring a re-login after every PWA "install" :(

As for your (2) point, I think cookies are the only thing that should be copied. LocalStorage or IndexedDB could result in inconsistencies and breakage (PWA and website code can have a version mismatch).

I think links to the website installed as an app would open the app, no?
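
An added example, not part of the thread or any commenter's code: a small auditor that checks whether a `Set-Cookie` header for a session cookie carries the `HttpOnly`, `Secure` and `SameSite=Strict` attributes discussed above. The function names and the sample headers are constructed for illustration.

```javascript
// Parse one Set-Cookie header value into a name plus a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? "" : pair.slice(0, eq), attrs: {} };
  for (const a of attrs) {
    if (!a) continue; // tolerate a trailing ";"
    const i = a.indexOf("=");
    // Attribute names are case-insensitive; flag attributes have no value.
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

// Report which of the three attributes from the comment are missing or weaker.
function auditSessionCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push("missing HttpOnly: readable from JavaScript");
  if (!attrs.secure) findings.push("missing Secure: sent over plain HTTP");
  const ss = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  if (ss === null) {
    findings.push("missing SameSite: browser default applies");
  } else if (ss === "none") {
    findings.push("SameSite=None: sent on all cross-site requests");
  } else if (ss === "lax") {
    findings.push("SameSite=Lax: still sent on top-level cross-site GET navigations");
  } else if (ss !== "strict") {
    findings.push(`unrecognised SameSite value: ${attrs.samesite}`);
  }
  return { name, ok: findings.length === 0, findings };
}

// Constructed sample headers, not taken from any real site.
const samples = [
  "sid=abc123; Path=/; HttpOnly; Secure; SameSite=Strict",
  "sid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "sid=abc123; Path=/",
];
for (const h of samples) {
  const r = auditSessionCookie(h);
  console.log(r.ok ? "OK  " : "WEAK", h, r.findings);
}
```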