HTML5 games are great for removing the download-unzip-run barrier but it's a challenge to save game state/user ID as they run in an iframe pointing to a different domain than itch.io. Safari already blocks third party cookies and website data, and Chrome has plans to do the same. If HTML5 games are to be more than 5-minute prototypes/demos, I think some way of saving state is essential.
I can think of 2 ways:
- Serve the iframe from an itch.io subdomain - this should allow cookies with a user ID or putting game state in local storage, though I'm not sure about the security consequences, e.g. games accessing itch.io session cookies.
- Attach a signed auth token as a query parameter to the iframe URL so the game can identify the user anonymously and can save to its own backend.
Are there any other ways?