FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Extralight browser-webserver communication via cookies (+)
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Extralight browser-webserver communication via cookies (+) [message #172662] Thu, 24 February 2011 03:22 Go to next message
n00m is currently offline  n00m
Messages: 25
Registered: February 2011
Karma: 0
Junior Member
It could replace 97% of all xmlhttprequest stuff. Tested in IE and FF.
Below just a minimalistic example of the whole idea.

====================================================
<?php // me.php
if (array_key_exists('sel', $_COOKIE) && $_COOKIE['sel']) {
setcookie('sel', 'You_chose_'.$_COOKIE['sel'].'!', 0);
header('HTTP/1.1 204'); // <- note this...
exit(); // and this. The me.php is loaded only *ONCE*;
}
?>

<html>
<head>
<script>

var dT;
var prev_cookie;

function receiver() {
if (document.cookie == prev_cookie)
return;
clearInterval(dT);
document.myform.txtArea.value = unescape(document.cookie);
}
function sender() {
document.cookie = "sel=" + document.getElementById("sel").value;
prev_cookie = document.cookie;
window.location.href = "me.php";
dT = setInterval(receiver, 100);
}
function reset_cookie() {
document.cookie = "sel=";
}

</script>
</head>
<body>
<br><br>
<center>
<form name="myform">
<label><?php echo date(DATE_RFC822); ?></label>
<br><br>
<textarea name="txtArea" cols="30" rows="8"></textarea>
<br><br>
<select id="sel" style="width:200px;" onchange="sender();">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
</select>
<br><br>
<input type="button" value="reset_cookie();"
onclick="reset_cookie();" />
</form>
</center>
</body>
</html>
=====================================================
Re: Extralight browser-webserver communication via cookies (+) [message #172663 is a reply to message #172662] Thu, 24 February 2011 03:59 Go to previous messageGo to next message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 2/23/2011 10:22 PM, n00m wrote:
> It could replace 97% of all xmlhttprequest stuff. Tested in IE and FF.
> Below just a minimalistic example of the whole idea.
>

<code snipped>

How do you know the cookie information is valid? NEVER trust anything
coming from the client - including cookies!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: Extralight browser-webserver communication via cookies (+) [message #172669 is a reply to message #172663] Thu, 24 February 2011 12:24 Go to previous messageGo to next message
n00m is currently offline  n00m
Messages: 25
Registered: February 2011
Karma: 0
Junior Member
> How do you know the cookie information is valid?  NEVER trust anything
> coming from the client - including cookies!

How do you know the ***all headers*** information is valid?
Re: Extralight browser-webserver communication via cookies (+) [message #172671 is a reply to message #172662] Thu, 24 February 2011 13:37 Go to previous messageGo to next message
Michael Fesser is currently offline  Michael Fesser
Messages: 215
Registered: September 2010
Karma: 0
Senior Member
.oO(n00m)

> It could replace 97% of all xmlhttprequest stuff.

Not really. Where's this number coming from?

> Tested in IE and FF.
> Below just a minimalistic example of the whole idea.

I consider it nonsense. It makes web applications even more unreliable
and doesn't save anything. Whether you put your content in a misused
cookie or in the message body doesn't make much of a difference.

> ====================================================
> <?php // me.php
> if (array_key_exists('sel', $_COOKIE) && $_COOKIE['sel']) {
> setcookie('sel', 'You_chose_'.$_COOKIE['sel'].'!', 0);
> header('HTTP/1.1 204'); // <- note this...
> exit(); // and this. The me.php is loaded only *ONCE*;

Loaded where? In the browser? This would also be the case with a regular
XHR call - one time the whole document and then only short fragments.
And for the server the load is also the same.

Micha
Re: Extralight browser-webserver communication via cookies (+) [message #172672 is a reply to message #172671] Thu, 24 February 2011 13:55 Go to previous messageGo to next message
n00m is currently offline  n00m
Messages: 25
Registered: February 2011
Karma: 0
Junior Member
> Loaded where? In the browser?

Yes, of course.
Re: Extralight browser-webserver communication via cookies (+) [message #172673 is a reply to message #172662] Thu, 24 February 2011 14:22 Go to previous messageGo to next message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
Senior Member
n00m wrote:

> It could replace 97% of all xmlhttprequest stuff. Tested in IE and FF.
> Below just a minimalistic example of the whole idea.

Cookies

- can be disabled, or configured so that each cookie (per site or session)
must be confirmed;
- are limited in size (IE default¹: 4096 bytes)
- are limited in numbers (IE default: 300)
- are limited per unique host or domain name (IE default: 20)
___
¹ These defaults are recommendations from RFC 2109, see
<http://support.microsoft.com/kb/306070/en-us>

You also forgot researching about HTML5's localStorage and sessionStorage,
which are not as limited as are cookies.

Your minimalistic example is not even Unicode-safe, let alone Valid. It
would appear to be best if you learned the basics first (and got yourself a
real name).


PointedEars
--
Use any version of Microsoft Frontpage to create your site.
(This won't prevent people from viewing your source, but no one
will want to steal it.)
-- from <http://www.vortex-webdesign.com/help/hidesource.htm> (404-comp.)
Re: Extralight browser-webserver communication via cookies (+) [message #172674 is a reply to message #172669] Thu, 24 February 2011 14:32 Go to previous messageGo to next message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 2/24/2011 7:24 AM, n00m wrote:
>
>> How do you know the cookie information is valid? NEVER trust anything
>> coming from the client - including cookies!
>
> How do you know the ***all headers*** information is valid?

You don't. That's why you must ALWAYS verify anything coming from the user.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: Extralight browser-webserver communication via cookies (+) [message #172675 is a reply to message #172673] Thu, 24 February 2011 14:48 Go to previous messageGo to next message
n00m is currently offline  n00m
Messages: 25
Registered: February 2011
Karma: 0
Junior Member
On Feb 24, 4:22 pm, Thomas 'PointedEars' Lahn <PointedE...@web.de>
wrote:
> Cookies
>
> - can be disabled, or configured so that each cookie (per site or session)
>   must be confirmed;
> ...


xmlhttprequest can be lost or disabled or missing;
Also it can happen the power failure;
Your PC can be stolen;

Aha?
= Life is complex: it has both real and imaginary parts. =
Re: Extralight browser-webserver communication via cookies (+) [message #172676 is a reply to message #172675] Thu, 24 February 2011 15:38 Go to previous messageGo to next message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
Senior Member
n00m wrote:

> Thomas 'PointedEars' Lahn wrote:
>> Cookies
>>
>> - can be disabled, or configured so that each cookie (per site or
>> session) must be confirmed;
>> ...
>
> xmlhttprequest can be lost

Lost?

> or disabled

I do not know of any browser where you can disable XHR but not disable
client-side script support in turn. The latter would be required for your
suggestion to be a viable replacement.

> or missing;

Yes, although no such commonly browser that could set cookies with scripting
comes to my mind.

> Also it can happen the power failure;
> Your PC can be stolen;
>
> Aha?
> = Life is complex: it has both real and imaginary parts. =

Reductio ad ridiculum, but perhaps I should not be too much surprised.
And since you did not rebut my other points, I think you are out of
arguments.

As it stands, your suggestion could serve as yet another fallback, but it
can never replace "97% of all XHR".


PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16
Re: Extralight browser-webserver communication via cookies (+) [message #172677 is a reply to message #172676] Thu, 24 February 2011 16:29 Go to previous messageGo to next message
n00m is currently offline  n00m
Messages: 25
Registered: February 2011
Karma: 0
Junior Member
In e.g. IE's Security Settings there are next menu items:

1) ActiveX controls and plug-ins;

2) Active scripting;

with option to choose "enabled / disabled / warn"
Re: Extralight browser-webserver communication via cookies (+) [message #172678 is a reply to message #172677] Thu, 24 February 2011 16:34 Go to previous message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
Senior Member
n00m wrote:

> In e.g. IE's Security Settings there are next menu items:

Please learn to quote.

> 1) ActiveX controls and plug-ins;
>
> 2) Active scripting;
>
> with option to choose "enabled / disabled / warn"

I know. And?


PointedEars
--
Use any version of Microsoft Frontpage to create your site.
(This won't prevent people from viewing your source, but no one
will want to steal it.)
-- from <http://www.vortex-webdesign.com/help/hidesource.htm> (404-comp.)
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Proxy to open blocked sites
Next Topic: terminate a PHP script
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 22 20:29:41 GMT 2024

Total time taken to generate the page: 0.02557 seconds