Chapter 10. Cookies and Other Client-Side Storage Techniques

Originally, JavaScript was not intended to be used to create large and complex applications, or to communicate independently with the server. The primary way to store any information on the client was through an object known as a cookie.

Cookies are bits of data stored on the client, based on key information provided by the server, that allow JavaScript developers to persist information either during a session (until the browser is closed) or between sessions (web accesses). The original concept was that only requests to get or write cookies associated with the web page’s domain would be given access, and therefore the information would be secure. Based on this premise, JavaScript was used to persist everything from a person’s login name and password to her shopping cart contents. It’s rare for a commercial website nowadays to not have some form of cookie implemented—whether you want it or not.

Over time, breaks in the security of cookies, as well as concerns regarding privacy, have tarnished the reputation of JavaScript cookies. Concerns about privacy in particular have led to more people turning off cookie support in their browsers. Still, cookies are very popular and, if they’re not abused, are very helpful.

However, cookies have also shown themselves to be limited, and not just for security reasons. The amount of storage and the ease of access for cookies have not stood the test of time for larger Ajax ...
