Simon Willison's Weblog: crossdomainstoragehttp://simonwillison.net/2008-05-13T21:59:39+00:00Simon WillisonSession variables without cookies2008-05-13T21:59:39+00:002008-05-13T21:59:39+00:00https://simonwillison.net/2008/May/13/session/#atom-tag
<p><strong><a href="http://www.thomasfrank.se/sessionvars.html">Session variables without cookies</a></strong></p>
Brilliant but terrifying hack—you can store up to 2 MB of data in window.name and it persists between multiple pages, even across domains. Doesn’t work with new tabs though, and storing JSON in it and eval()ing it is a bad idea—a malicious site could populate it before sending the user to you.
<p>Tags: <a href="https://simonwillison.net/tags/crossdomainstorage">crossdomainstorage</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/json">json</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/sessions">sessions</a></p>