The spec currently says the user agent* should maintain a "list of active session IDs." This is intended to prevent a persistent session from being loaded twice (or loaded after creation) so that the spec and implementations do not need to worry about multiple representations of the same session data. (This is very similar to the problems with reusing sessions as a way to optimize session creation or message generation.)

The problem is that the current text only addresses multiple sessions within the same DOM. The current text would not prevent loading the session in another browser, which is just as problematic. Thus, the limit must be global, at the same level as the persistent storage.

We should probably just move this responsibility to the CDM portion of the algorithm. The CDM already needs global (to the origin) synchronization to properly manage the persistent sessions. The app-facing behavior (rejecting load() with "QuotaExceededError") would not change.

* It is specified for all implementations, but it should only really be required for implementations that intend to support persistent sessions.