[Cosmo-dev] CMP and AJAX

Matthew Eernisse mde at osafoundation.org
Fri Sep 22 10:16:21 PDT 2006 

Good point about storing credentials page-to-page. There are two ways to 
deal with that issue that I can think of -- one that's easy, and one 
that's harder.

1. Cookie between loads
Still use a cookie, but only between page loads -- i.e., as soon as the 
new page loads up, you put the data into a JS variable and kill the 
cookie. That way the data is only in a cookie when a request is in 
flight -- so if someone leaves their machine sitting, it's not sitting 
in that easy-to-read cookie.

2. Top-level iframe shell
Build the app inside of a full-page single iframe. The hosting document 
has the be XHTML 1.0 Transitional to accomodate the frame, but then you 
have a top-level document where you can stick all kinds of state data 
while the user navigates around in the iframe.

The user doesn't even see the fact that the app is living in an iframe, 
because it takes up the entire window. The only noticeable effect for 
the user is that the URL in the location bar never changes (because it's 
the location for the top-level doc). That might be seen as good, or bad, 
depending on what you need to do with your app.

For the developer it adds an extra layer of complexity because what 
appears to be a normal page is actually hosted in a full-page iframe, 
but it also adds a level of convenience in that you have something that 
persists between page loads.

I think in this case if we're already okay with an unencrypted password 
sitting on the client, for now, then option 1 is just fine.


Matthew

Brian Moseley wrote:
> yea, but the issue is storing the credentials from the point when they
> are submitted on the login screen, across the page refresh to the next
> screen, at which point the credentials are needed by ajax requests.
> where does the login screen put the credentials so that the next
> screen can see them?
> _______________________________________________
> cosmo-dev mailing list
> cosmo-dev at lists.osafoundation.org
> http://lists.osafoundation.org/mailman/listinfo/cosmo-dev
>

More information about the cosmo-dev mailing list