
Simon Willison’s Weblog

Session variables without cookies. Brilliant but terrifying hack—you can store up to 2 MB of data in window.name and it persists between multiple pages, even across domains. Doesn’t work with new tabs though, and storing JSON in it and eval()ing it is a bad idea—a malicious site could populate it before sending the user to you.
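The risk described above, shown as an added example that is not from the original post or the linked article: a reader for `window.name` that treats the value as untrusted input. The function name `readSession`, the field names `theme` and `step`, and the sample strings are hypothetical and constructed for illustration.

```javascript
// Added example: window.name is set by whichever page had the tab last,
// so it is handled here as attacker-controlled input.
const MAX_LEN = 2 * 1024 * 1024;                 // the ~2 MB figure from the post
const ALLOWED_KEYS = new Set(["theme", "step"]); // hypothetical session fields

// The pattern the post warns against, shown for contrast and never run:
//   const session = eval("(" + window.name + ")");
// With eval(), the previous site chooses the code that executes on this origin.

function readSession(rawName) {
  const empty = Object.create(null);
  if (typeof rawName !== "string" || rawName.length === 0 || rawName.length > MAX_LEN) {
    return empty;
  }
  let parsed;
  try {
    parsed = JSON.parse(rawName); // parses data only, never executes it
  } catch (e) {
    return empty;                 // not JSON: discard instead of guessing
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return empty;
  }
  // Copy only expected keys with primitive values onto a prototype-less object,
  // so unexpected keys such as "__proto__" or nested structures are dropped.
  const session = Object.create(null);
  for (const key of Object.keys(parsed)) {
    const value = parsed[key];
    if (ALLOWED_KEYS.has(key) && (typeof value === "string" || typeof value === "number")) {
      session[key] = value;
    }
  }
  return session;
}

// Constructed samples standing in for window.name; in a browser the call
// would be readSession(window.name).
const fromOwnPage = readSession('{"theme":"dark","step":2}');
const fromOtherSite = readSession('{"theme":"dark","admin":true,"__proto__":{"x":1}}');
const notJson = readSession("doSomething()");
console.log(Object.keys(fromOwnPage), Object.keys(fromOtherSite), Object.keys(notJson));
```

Parsing this way stops code execution, but the surviving values are still chosen by whoever set `window.name`, so they should not drive anything that needs integrity.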

1 comment

  1. The other way to handle larger session data storage would be to store a randomly generated key in the session, and then use that to access server-side stored data.

    I used something similar where I needed to have the effect of storing files in the session until a process was complete, so I stored them server-side but accessed through a client-side key when they were needed.

    Gemma K - 14th May 2008 16:12 - #
