[Cosmo-dev] CMP and AJAX
mde at osafoundation.org
Fri Sep 22 10:16:21 PDT 2006
Good point about storing credentials page-to-page. There are two ways to
deal with that issue that I can think of -- one that's easy, and one
1. Cookie between loads
Still use a cookie, but only between page loads -- i.e., as soon as the
new page loads up, you put the data into a JS variable and kill the
cookie. That way the data is only in a cookie when a request is in
flight -- so if someone leaves their machine sitting, it's not sitting
in that easy-to-read cookie.
2. Top-level iframe shell
Build the app inside of a full-page single iframe. The hosting document
has the be XHTML 1.0 Transitional to accomodate the frame, but then you
have a top-level document where you can stick all kinds of state data
while the user navigates around in the iframe.
The user doesn't even see the fact that the app is living in an iframe,
because it takes up the entire window. The only noticeable effect for
the user is that the URL in the location bar never changes (because it's
the location for the top-level doc). That might be seen as good, or bad,
depending on what you need to do with your app.
For the developer it adds an extra layer of complexity because what
appears to be a normal page is actually hosted in a full-page iframe,
but it also adds a level of convenience in that you have something that
persists between page loads.
I think in this case if we're already okay with an unencrypted password
sitting on the client, for now, then option 1 is just fine.
Brian Moseley wrote:
> yea, but the issue is storing the credentials from the point when they
> are submitted on the login screen, across the page refresh to the next
> screen, at which point the credentials are needed by ajax requests.
> where does the login screen put the credentials so that the next
> screen can see them?
> cosmo-dev mailing list
> cosmo-dev at lists.osafoundation.org
More information about the cosmo-dev