0xDECAFBAD

It's all spinning wheels and self-doubt until the first pot of coffee.

Private client-side cookies for AJAX?

Along with the S3 stuff I'm poking at in AJAX, I'd like to retain the user's key ID and secret for S3 locally so that it doesn't need to be reentered all the time or stuck into constants on a server-held file. But, I don't want to stick it into cookies or anything that will go over the wire - since the whole point of the HMAC authentication is to prevent that from happening.

I've looked at AMASS, but it appears to be broken on Mac - which is a non-starter for me on my PowerBook. I'm wondering if there's any other practical way to retain a pair of strings locally across browsers for an AJAX app. Because, beyond just that bit of local storage requirement, I've got entire vistas of persistence available on S3.

I suppose I could stick the credentials in a cookie, then further encrypt them with a friendlier username / passphrase. The main issue I see with constantly reentering the credentials is that they're these big honking strings that I'll never be able to remember like a username and password.

Archived Comments

  • Use Flash's client side storage.

  • That's pretty much what I assumed AMASS did, but it doesn't work on Mac. Not sure why though, if it's doing something weird above and beyond Flash client-side storage.

  • Hey, I just checked in dojo.storage, which now works on Safari and Firefox/Mac! It's in the head of Dojo, so check it out and see if it works for you; play with src/tests/storage for examples and tests. dojo.storage is the new iteration of AMASS, more stable, cross-platform, and generic for other kinds of storage backends.

    Best, Brad Neuberg

  • Brad: That's hot. I curse you for making me dive into learning yet another JS framework besides MochiKit. :) I may just pluck the storage module out of there, but the rest of Dojo looks keen too.

  • Agreed. Dojo rocks my world.