The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#11
|
|||
|
|||
Is there some way to eliminate the cookie header? I don't see the point of sending cookie values to the browser and that's the only place my password cookie shows, as the password value is blanked out when the form is submitted. I'm using YAHOO ajax for all my operations
|
#12
|
||||
|
||||
I don't get what you're asking for...
|
#13
|
|||
|
|||
Here's what I see in my dev tool for headers when I send an ajax request
Request URL:http://xxxxxxxxxx.net/filemanager/filemanager.php Request Method:POST Status Code:200 OK Request Headers Accept:*/* Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Connection:keep-alive Content-Length:175 Content-Type:application/x-www-form-urlencoded; charset=UTF-8 Cookie:bb_lastvisit=1373594455; bb_lastactivity=0; bb_userid=1; bb_password=6c70309c0fasihfoaishu7aedbbdfa34cf7; bb_fe8adc6d804a36; bb_cpsession=90088ef658flaasjhaeiswhfiuhtihae61571 6573ec05172c4fc8; bb_fmsession=e14eaa1506aiueihjfoaijuwhrfiaa6597ecd 9d4cd Host:xxxxxxxxxxx.net Origin:http://xxxxxxxxxxxxx.net Referer:http://xxxxxxxxxxxxx.net/filemanager/filemanager.php User-Agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36 X-Requested-With:XMLHttpRequest Form Data securitytoken:1374966662-571d23q5rtyqo3uiht70d396a2423a97095dc88b adminhash:7981e222c687a5780tqfju3hp095rt8c1a39795f 21 do:findfiles dir:/home/aaaaaaaaaaaaaa/forum/admincp Response Headers Cache-Controlrivate, post-check=0, pre-check=0, max-age=0 Connection:Close Content-Type:text/xml; charset=windows-1252 Date:Sat, 27 Jul 2013 23:11:25 GMT Expires:0 Pragma:no-cache Server:Apache/stuff stuff stuff Transfer-Encoding:chunked X-Powered-By:PHP/5.3.18 Same kind of thing when you go to a page. All the cookies are listed in the request header |
#14
|
|||
|
|||
Well, stating the obvious, that is how cookies are supposed to work - they get sent when the domain and path of the request match. There is a "secure" attribute that is supposed to send the cookies only if you're on a secure server, so maybe if you set that it will work like you want (unless it also disallows JS access because the page wasn't loaded via a secure server).
|
#15
|
|||
|
|||
Tried setting secure=true and it created a cookie but the JS can't read it.
There ought to be some way for a script to make a browser store something that is read only by JS and never by the server scripting, but I know only of cookies and passwords and they are interceptable. |
#16
|
||||
|
||||
why can't the server read it?
|
#17
|
|||
|
|||
The server doesn't need it (but I suppose all cookies are read anyway). I want this stored on the browser and used only on the browser so it can't be intercepted.
I'll be the first to say I don't know much about all this but I would sure like to avoid having information that others can intercept. |
#18
|
||||
|
||||
I guess I just don't get it, its going to be sent to the server anyway.
You could try local storage available in modern browsers. |
#19
|
|||
|
|||
Seems to do it
Code:
var password = fetch_object('fm_login_password'); if(typeof localStorage == 'object'){ window.onload = function(){ setTimeout("if(PassWord = localStorage.getItem('fmpassword')) {password.value = PassWord; password.focus();}", 100) } password.form.onsubmit = function() { localStorage.setItem('fmpassword', password.value); } } else { password.value = ''; } |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|