Don’t Forget to Check Private Browsing Mode when Testing

Private Browsing Broke my App!

Well, sorta. Local storage is disabled (meaning you cannot store stuff there) when in private browsing mode in iOS and in Safari on OS X. This can have unintended consequences (e.g. null references) if you rely on information stored there. I have tested several applications that are stateless—meaning there is no session information stored other than your login information. Each request for a service or asset is authenticated. Because of this architectural decision, it is tempting to use local storage to maintain some sort of state. The result is that the applications break when the browser changes to private mode and what you are expecting to be there disappears or cannot be set.

Viewing What is in Your Local Storage

Note that there may be more than one way to do this.

Safari

In the advanced section of the settings menu, make sure “Show develop menu in menu bar” is checked. Then, choose “Develop => Show Page Resources”. You will see local storage as an option.

Firefox

Open the developer console. Type:
localStorage;

Click the resulting “[object Storage]” to see the contents.

Chrome

Open the inspector via keystroke or by right clicking on some element of your page and then clicking “Inspect element”. Click on the “Resources” tab, then “local storage”.

IE

I didn’t look into this. You will have to “Bing” it.

Other Browsers’ Behavior in Private or Incognito Mode

Firefox seems to allow local storage, but it is purged when you exit private browsing mode. Chrome behaves similarly. Both Firefox and Chrome allowed my application to work properly while in private browsing or incognito mode because they allow the local storage. They would break, however, if they expected a value set from a previous session to be there at a subsequent visit. This seems like poor architecture in any case because the user can clear this data at any time either by exiting or entering private mode, or just by clearing the browser data and cache.

What to Do

This article is not intended to tell you how to fix this. There are many options that range from detecting the private mode, to using a different mechanism to accomplish what you need to do. Since there are so many, I suggest you search and figure out what works best for you. But as a tester, make sure to check. Experience has shown me that people use private mode or incognito mode for various, and not necessarily nefarious, purposes.
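One of those options, as an added example (not code from the original article): probe the storage with a real write, fall back to memory when the write is refused, and always read with a default so a missing value never becomes a null reference. It assumes a disabled store shows up as a missing object or a throwing `setItem`.

```javascript
// Added example: all names are hypothetical; backends are constructed stand-ins for window.localStorage.
function createSafeStore(backend) {
  const memory = new Map(); // per-page fallback, lost on reload
  let persistent = false;
  try {
    // Probe with a real write: the object can exist and still refuse setItem.
    backend.setItem("__probe__", "1");
    persistent = backend.getItem("__probe__") === "1";
    backend.removeItem("__probe__");
  } catch (e) { persistent = false; } // backend missing or write rejected
  return {
    persistent,
    setItem(key, value) {
      memory.set(key, String(value));
      if (!persistent) return false;
      try { backend.setItem(key, String(value)); return true; } catch (e) { return false; }
    },
    getItem(key) {
      let value = null;
      if (persistent) {
        try { value = backend.getItem(key); } catch (e) { value = null; }
      }
      return value !== null ? value : (memory.has(key) ? memory.get(key) : null);
    },
  };
}

// Read JSON state without assuming an earlier visit left anything behind.
function readState(store, key, fallback) {
  const raw = store.getItem(key);
  if (raw === null) return fallback;
  try { return JSON.parse(raw); } catch (e) { return fallback; }
}

// Constructed backend that accepts writes.
function workingBackend() {
  const data = new Map();
  return {
    setItem: (k, v) => { data.set(k, String(v)); },
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    removeItem: (k) => { data.delete(k); },
  };
}

// Constructed backend that rejects every write, as a disabled store would.
function rejectingBackend() {
  return { setItem() { throw new Error("write refused"); }, getItem: () => null, removeItem() {} };
}
```

In a page, the backend would be `window.localStorage`, read inside a `try` because the property access itself can throw when storage is blocked.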

Additional, Exhausting Reading

http://www.usenix.org/legacy/event/sec10/tech/full_papers/Aggarwal.pdf