Hello,

I am planning to use cookies to communicate between two browser windows. I am wondering if there are any drawbacks that I can't think of. The data is not required on the server side, thus communication via cookie should be enough for the purpose. Am I missing something or is this fine to use?

I know the limit is 4K. Roughly how much is 4K in text? Say I want to store MD5/SHA strings. How many such MD5 strings can I store in a single cookie?

Thank you very much for your time.

+4  A: 
  • The obvious one is that the user might have disabled cookies in their browser...
  • How much is 4K of text? About this much (courtesy of the Lipsum Generator):

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis quam quam, bibendum sit amet egestas id, suscipit vel mi. Integer est lacus, blandit vel accumsan non, lobortis eget purus. Nunc non felis nec justo ullamcorper suscipit. Vestibulum dapibus lobortis semper. Quisque mollis, lectus non porta semper, quam sapien adipiscing erat, in tincidunt risus lacus et felis. Vivamus pellentesque, massa in varius cursus, lorem tortor vehicula velit, et commodo neque sapien eget felis. Morbi iaculis condimentum lorem nec iaculis. Vivamus sem ligula, vestibulum id tempus scelerisque, aliquam non velit. Integer ac sapien lorem, sed egestas ligula. Nam tristique tortor id odio imperdiet fermentum sed sit amet nisl. Aliquam in tortor ligula, dignissim iaculis libero. Fusce ut tortor ante, in convallis nisi.

Curabitur accumsan condimentum turpis, tincidunt fringilla nibh hendrerit vitae. Aliquam ac arcu nibh, eget viverra dui. Sed a nisi nibh, ut interdum orci. Suspendisse laoreet sollicitudin libero ac fermentum. Curabitur ultrices enim sit amet massa mollis in dapibus libero iaculis. In enim elit, mattis eget vestibulum at, faucibus at felis. Sed ultrices posuere libero, id consectetur nibh lacinia vel. Maecenas non mi eu dui sodales commodo et a mi. Aliquam erat volutpat. Vestibulum interdum, lectus eget cursus elementum, ligula metus iaculis libero, ac accumsan sapien eros vitae eros. Quisque vulputate massa quis augue mollis pharetra ac eu risus. Donec tristique purus nec erat tristique hendrerit. Integer consectetur nibh nec augue ornare tempus varius eros imperdiet. Quisque venenatis condimentum nisi, facilisis elementum lorem molestie eu. Donec id elit nec arcu tincidunt consectetur id sit amet velit. Nulla ut purus sapien.

Praesent a tortor magna. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam non tincidunt mauris. Morbi euismod sollicitudin ipsum in euismod. Suspendisse potenti. Ut semper, risus viverra porta semper, urna nisi placerat erat, at luctus ante mi in velit. Sed ac congue purus. Curabitur sit amet lacinia elit. Sed ac eros elit. In hac habitasse platea dictumst. In feugiat ipsum at dolor viverra non dictum dui fringilla. Duis quis urna mi. Mauris non tellus non augue pretium commodo vitae adipiscing nulla. Donec aliquet libero sit amet ipsum pharetra non fermentum sapien euismod. Quisque commodo erat vel nisl tristique placerat. Morbi eros urna, dignissim pulvinar ullamcorper sed, convallis at risus. Phasellus quis convallis lectus. Etiam eu aliquet odio. Integer diam neque, tincidunt ac semper quis, gravida eget eros. Praesent augue orci, sagittis vitae semper ut, accumsan in turpis.

Nam ac erat sit amet metus congue ullamcorper at ac quam. Sed auctor fringilla ligula, vitae iaculis mauris tempus et. Etiam pulvinar, odio non egestas mollis, odio ligula elementum dolor, non auctor nulla leo sit amet orci. Aenean leo urna, congue id tristique in, consequat in augue. Morbi vel condimentum dui. Curabitur eu augue felis, sed luctus nisi. Pellentesque eu tortor non erat placerat iaculis a nec tortor. Maecenas ultrices tristique lectus et fermentum. Duis et faucibus diam. Vivamus vitae nibh neque. Sed massa odio, adipiscing at ultricies non, viverra a urna. Praesent posuere dui in nibh pulvinar vitae lacinia est congue. Ut congue vestibulum arcu, eget venenatis augue scelerisque quis. Vivamus augue libero, molestie ut condimentum ac, pretium vitae nunc.

Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus sodales varius orci a tempus. Suspendisse potenti. Sed pellentesque euismod erat, et tincidunt lectus vehicula quis. Mauris blandit fermentum urna, a posuere risus vestibulum feugiat. Sed pulvinar, lacus quis dignissim ullamcorper, odio arcu euismod massa, in suscipit odio ipsum quis sapien. Vestibulum nec neque vel leo tincidunt sollicitudin. Quisque et est ut erat blandit dapibus a mollis metus. Etiam turpis duis.

John Topley
+2  A: 

4k is 4096 bytes. So you can store 4096 one byte characters (ASCII).

But as you want to store hash values, you had better use the Base64-encoded values of the raw hash values. Thus you could store 6 bits per character instead of just 4 bits per character if you used the hexadecimal value.

Gumbo
Base64 uses 6 usable bits per character (64 values). Hexadecimal uses 4 usable bits per character (16 values).
Dave Hinton
@Dave Hinton: You’re absolutely right!
Gumbo
+1  A: 

Stored as name/value pairs each MD5 will be at least 36 characters (assuming it is stored as a hex string with a single character name, md5+name+"="+separator = 32+2+1+1), longer as you'll be being good and using meaningful names... At 36 characters you can fit 117 in 4K (4096 characters, assuming ASCII characters throughout), but make sure you leave room for overhead like session id cookies from your server-side scripting environment and such.

SHA1 will be longer (160 bit, not 128) and SHA2 longer still (between 224 and 512 bit depending on exact variant used). Using Base64 encoding or similar instead of plain hex will reduce the size (22 characters for MD5, assuming no padding, instead of 32).

As far as gotchas go for using cookies in this way, the main one will be that some users have cookies turned off completely (even first party session cookies) though depending on your target audience this may not be an issue.

You will also need to make sure you test in all browsers your users are likely to use, making sure that an update to the cookies by scripts in one window does in fact update the data available to scripts in the other windows without a client/server round trip.

You will also need to train Internet Explorer users to know the difference between starting a new IE window with Ctrl-N or your links, and starting a new process by launching IE from the Start menu. In the latter case the cookies will almost certainly not be shared with other windows until a round-trip occurs.

David Spillett
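The sizing discussed in the answers above, worked through as an added example that is not part of any answer: it packs raw digests into a single cookie value as hex or as unpadded URL-safe Base64, computes how many fit, and refuses to build a cookie over the limit. Assumptions: Node.js (`Buffer`), a hypothetical one-character cookie name `h`, a hypothetical `.` separator, and a 4096-byte budget counted against `name=value` only, with no attributes.

```javascript
const COOKIE_LIMIT = 4096;   // bytes; the "4K" figure from the thread
const COOKIE_NAME = "h";     // hypothetical one-character cookie name
const SEP = ".";             // hypothetical separator, absent from both alphabets

// Encode one raw digest as hex or as unpadded URL-safe Base64.
function encodeDigest(buf, encoding) {
  if (encoding === "hex") return buf.toString("hex");
  return buf.toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Characters occupied by one digest of `digestBytes` raw bytes.
function encodedLength(digestBytes, encoding) {
  return encoding === "hex" ? digestBytes * 2 : Math.ceil((digestBytes * 8) / 6);
}

// Largest n with name + "=" + n values + (n - 1) separators <= COOKIE_LIMIT.
function capacity(digestBytes, encoding) {
  const v = encodedLength(digestBytes, encoding);
  const room = COOKIE_LIMIT - (COOKIE_NAME.length + 1);
  return Math.floor((room + SEP.length) / (v + SEP.length));
}

// Build "h=<d1>.<d2>..." and refuse to exceed the limit.
function packCookie(digests, encoding) {
  const cookie = COOKIE_NAME + "=" +
    digests.map(d => encodeDigest(d, encoding)).join(SEP);
  if (cookie.length > COOKIE_LIMIT) {
    throw new RangeError(`cookie is ${cookie.length} bytes, limit ${COOKIE_LIMIT}`);
  }
  return cookie;
}

// Recover the raw digests from a packed cookie string.
function unpackCookie(cookie, encoding) {
  const value = cookie.slice(cookie.indexOf("=") + 1);
  if (value === "") return [];
  // Node's "base64" decoder also accepts the URL-safe alphabet, unpadded.
  return value.split(SEP).map(s =>
    Buffer.from(s, encoding === "hex" ? "hex" : "base64"));
}

// Constructed sample data: n fake digests of `size` bytes (16 = MD5-sized).
function sampleDigests(n, size = 16) {
  return Array.from({ length: n }, (_, i) =>
    Buffer.from(Array.from({ length: size }, (_, j) => (i * 31 + j * 7) & 0xff)));
}
```

Under these assumptions `capacity(16, "hex")` is 124 and `capacity(16, "base64url")` is 178. Other cookies on the same origin, such as a server session id, still travel in the same request header.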