
JSON in URL Hash - A bad or good idea?

I've created a helper object to store JSON in the URL hash. See project here on GitHub:

This is useful for persisting page settings without a cookie. It works pretty well and I like it.

What are thoughts for and against this approach? I've read security might be. Is it really when you are using json2.js or the native JSON object in newer browsers?

asked Aug 05 '11 01:08

Martin Drapeau


3 Answers

rison seems like a more compact and efficient way. Especially since many characters used in JSON aren't URI-safe.

Also, it's seldom wise to include sensitive information (that is, most of it) in anything that goes back and forth between server and client. That's why most 'session' schemes store only a session ID in a cookie, and not all the information. In that case, adding the ID to the URL isn't any harder than using the cookie. In fact, that was the default way to do sessions in PHP back in the old days when cookies were an advanced feature of a few browsers.

answered Nov 16 '22 05:11

Javier


You should be aware that there is a limit to the URL length, and it changes between different browsers: http://www.boutell.com/newfaq/misc/urllength.html

answered Nov 16 '22 05:11

Naor


In which part of the URL are you storing it? The #fragment or the ?query?

If it's the query... don't.

As those:

  • remain in server logs,
  • are captured by proxies,
  • and are sent as referers to fellow sites you may link to from your page.

answered Nov 16 '22 06:11

ZJR
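
One way to combine the points raised in the answers above, as an added example (not the asker's helper and not code from any answer): the state lives in the #fragment rather than the query, the JSON is URI-encoded, its length is capped, and parsed values are checked against an allowlist before use. The setting names in `SCHEMA`, the 2000-character cap and the `example.test` URLs are assumptions made for illustration.

```javascript
// Added example: defensive read/write of JSON settings in the URL #fragment.
// SCHEMA keys, MAX_HASH_CHARS and the example.test URLs are assumptions.
const MAX_HASH_CHARS = 2000; // assumed conservative cap; real limits vary by browser
const SCHEMA = {             // hypothetical page settings: key -> validator
  sort: v => v === "asc" || v === "desc",
  page: v => Number.isInteger(v) && v >= 1 && v <= 10000,
  filter: v => typeof v === "string" && v.length <= 64,
};

// Keep only allowlisted keys whose values pass their validator.
function validate(obj) {
  const out = {};
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) return out;
  for (const key of Object.keys(SCHEMA)) {
    const own = Object.prototype.hasOwnProperty.call(obj, key);
    if (own && SCHEMA[key](obj[key])) out[key] = obj[key];
  }
  return out;
}

// Return `href` with the validated state stored URI-encoded in the fragment.
function writeState(href, state) {
  const hash = encodeURIComponent(JSON.stringify(validate(state)));
  if (hash.length > MAX_HASH_CHARS) throw new RangeError("state too large for URL");
  const url = new URL(href);
  url.hash = hash;
  return url.toString();
}

// Parse state from a URL; anyone can craft a link, so treat it as untrusted.
function readState(href) {
  const raw = new URL(href).hash.slice(1);
  if (!raw || raw.length > MAX_HASH_CHARS) return {};
  try {
    return validate(JSON.parse(decodeURIComponent(raw))); // JSON.parse, never eval
  } catch {
    return {}; // malformed percent-encoding or JSON: fall back to defaults
  }
}

// What the browser puts on the HTTP request line: path and query, no fragment.
function requestTarget(href) {
  const url = new URL(href);
  return url.pathname + url.search;
}
```

In a page, `readState(location.href)` would run on load and on `hashchange`, and the validated values should still be written to the DOM as text rather than as HTML.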