Javascript-free session variables
I never liked the Kuk implementation in Javascript. The volume is limited (4x20 KB per domain), it is possible to store only in the string type, the syntax for installing and receiving cookies is excessively complex.
And what's more, the browser adds cookies to the request header — and since many corporate firewalls only allow headers to a certain size, your pages may not load at all (I’ve seen it’s awful).
Therefore, I wrote a small script that allows you to use session variables in Javascript without setting the cookies. It allows you to store up to 2 MB of data, which is much less limited in capacity than a solution based on cookies.
')
Insert sessvars.js (6 Kb) in the head section of the page where you want to use session variables in front of other scripts that will use them.
You now have an object called sessvars . It works like any other normal object in Javascript - you can add variables to it and change their values. The only difference is that sessvars will not disappear when going from page to page. That is, if your script does something like this:
Try an example
The only property variable of the sessvars object you should not touch is $ , because it contains a number of useful methods:
There are also a number of different flags with which you can set the behavior of sessvars :
The underlying principle of sessvars.js is quite simple:
I used the fact that you can set the window.name property in javascript - this property is usually used to name windows and frames so that you can refer to them by name from scripts. In order not to overlap with this in the frameset (if someone still uses them) my script uses only the top.name property.
A remarkable feature of window.name is that this value is stored between page loads (and even domains) and that it allows you to store very long names. The unpleasant side is that the property allows only a string data type, so I used a JSON stringifier to serialize / deserialize data.
And finally, I added a window unload event handler that removes the need to manually save data every time you change something in sessvars.
In sessvars there is a flag for use between domains, but although its default value is false, it only monitors that you do not mistakenly receive garbage from the window.name property from other sites. In fact, the data will be quite accessible to other scripts on other sites, and anyone can make javascript: alert (window.name) in the address bar of the browser.
Therefore, please do not store important information in sessvars, such as passwords, credit card numbers, etc.
But in some situations, sessvars are safer than cookies - the contents of the cookies are sent to the server in the request, while window.name is not, therefore it is more difficult to intercept them.
And what's more, the browser adds cookies to the request header — and since many corporate firewalls only allow headers to a certain size, your pages may not load at all (I’ve seen it’s awful).
Therefore, I wrote a small script that allows you to use session variables in Javascript without setting the cookies. It allows you to store up to 2 MB of data, which is much less limited in capacity than a solution based on cookies.
')
Insert sessvars.js (6 Kb) in the head section of the page where you want to use session variables in front of other scripts that will use them.
How to use
You now have an object called sessvars . It works like any other normal object in Javascript - you can add variables to it and change their values. The only difference is that sessvars will not disappear when going from page to page. That is, if your script does something like this:
sessvars.myObj = {name: "Thomas", age: 35}on one page, you can access the sessvars.myObj object on any other page that the user will visit in the current session.
Try an example
Methods
The only property variable of the sessvars object you should not touch is $ , because it contains a number of useful methods:
- sessvars. $. clearMem ()
Cleans sessvars - sessvars. $. usedMem ()
Returns the amount of memory used in kilobytes. - sessvars. $. usedMemPercent ()
Returns the amount of memory used as a percentage of the total possible volume. - sessvars. $. debug ()
Displays a debugging window at the top of the page (as in the example above) - sessvars. $. flush ()
Explicitly saves the current state of sessvars, so that all data will be saved when the page transition is complete. This is rarely necessary, since in a normal situation it is done automatically at the unload event.
Flags
There are also a number of different flags with which you can set the behavior of sessvars :
- sessvars. $. prefs.memlimit
Default is 2000
Indicates the amount of data in kb allowed for storage in sessvars. The default is 2000 Kb, since Opera 9.25 has a limit just above this number. For other browsers (IE7.0, Firefox 1.5 / 2.0 and Safari 3.0), the limit is much higher - 10 MB is not difficult for these browsers. - sessvars. $. prefs.autoFlush
true / false, true by default
Determines whether the flush () method will be called automatically. - sessvars. $. prefs.crossDomain
true / false, false by default
If the flag is set to true, the contents of sessvars can be read from different domains (if both sites use sessvars.js). - sessvars. $. prefs.includeFunctions
true / false, false by default
Determines whether sessvars will save functions. - sessvars. $. prefs.includeProtos
true / false, false by default
If true, the properties assigned to the prototypes of various data or objects will be saved. Rarely necessary.
Where is the data stored?
The underlying principle of sessvars.js is quite simple:
I used the fact that you can set the window.name property in javascript - this property is usually used to name windows and frames so that you can refer to them by name from scripts. In order not to overlap with this in the frameset (if someone still uses them) my script uses only the top.name property.
A remarkable feature of window.name is that this value is stored between page loads (and even domains) and that it allows you to store very long names. The unpleasant side is that the property allows only a string data type, so I used a JSON stringifier to serialize / deserialize data.
And finally, I added a window unload event handler that removes the need to manually save data every time you change something in sessvars.
Security questions
In sessvars there is a flag for use between domains, but although its default value is false, it only monitors that you do not mistakenly receive garbage from the window.name property from other sites. In fact, the data will be quite accessible to other scripts on other sites, and anyone can make javascript: alert (window.name) in the address bar of the browser.
Therefore, please do not store important information in sessvars, such as passwords, credit card numbers, etc.
But in some situations, sessvars are safer than cookies - the contents of the cookies are sent to the server in the request, while window.name is not, therefore it is more difficult to intercept them.
Source: https://habr.com/ru/post/31573/
All Articles