Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are cookies the only native cross-subdomain storage?

Cookies are great because a value written in website.com can be used in www.website.com (www is considered a sudomain of no-www). The downside is all the cookie values are sent along with every HTTP request to the server. So I'm looking for a local storage mechanism available natively to Javascript that works cross-subdomain and isn't transmitted to the server. Does such a mechanism exist? LocalStorage doesn't work cross-subdomain and Flash Cookies wouldn't work on iPhone.

like image 450
JoJo Avatar asked Jun 20 '11 02:06

JoJo


2 Answers

Perhaps just redirect website.com to www.website.com or vice versa? This seems like it would be the simplest fix. http://www.scriptalicious.com/blog/2009/04/redirecting-www-to-non-www-using-htaccess/

like image 175
devictories Avatar answered Sep 23 '22 02:09

devictories


If your users have an actual account that they login to on your server, then you could store the info server-side and just include a little javascript in the each page that will need that data with the appropriate data. When you render the page server-side, you can define a user object in javascript with appropriate attributes set to the data values that can then be referenced client-side. That way, you only include the data that is needed in a given page, the same user data is available no matter what computer the user logs in from (no reliance on persistent cookies). If larger pieces of data are needed only occasionally and you don't want to include them in the page in case they are needed, then make those pieces of data queryable via ajax/json so they can be retrieved only when needed.

If you're still intent on only storing it locally, then cookies or HTML5 local storage are your only options and cookies will be your only cross browser option that covers all browsers in use. At the addition of implementation complexity, you could combine a number of the suggestions:

  1. Always redirect to www.domain.com so all user activity is on the same domain.
  2. Use HTML5 local storage when available (the redirect in step 1 prevents sub-domain lockout).
  3. Fall back to cookie storage when HTML5 local storage is not available.

One could presumably write or find an abstraction for HTML5 local storage and cookies so 99% of your code could be independent of which storage mechanism was actually being used. It looks like there are some jQuery plugins that do exactly that.

like image 44
jfriend00 Avatar answered Sep 23 '22 02:09

jfriend00