persistent storage across different subdomains












1















I'm trying to figure out how to save data across different subdomains,
I've been researching this a lot and i'm about to give up.
The only solution that works is cookies because i can share them across subdomains but the problem is that those cookies (a bit large in size) sent on every http request to my server which causes issues with the header size.
other alternatives that i've found was the web storage (local storage/session storage ) but it's restricted with SOP , and using an embedded iframe and use postmessage to retrieve and write data is slow because the postmessage api is async which causes data retrieve/write to be slow.
I've tried setting the cookie "path" attribute to some random path and than inject an iframe with that random path and access the cookie via its contentDocument (No SOP restrictions) but again as soon as i append the iframe a network request to that path is executed and the huge header problem again... , I've also tried to use the window.history api to change the path of the document without requesting the new path but i can't access the new path cookies.
Any ideas / alternatives / before i'm giving up and switch to server side storage?



EDIT: i've also tried setting the "document.domain" to bypass the SOP restrictions but thats bad practise to load the main domain in every page just to be able to access its local storage.






javascript html cookies







share|improve this question

























  • Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

    – misorude
    Nov 22 '18 at 12:19











  • (If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

    – misorude
    Nov 22 '18 at 12:20











  • @misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

    – avi dahan
    Nov 22 '18 at 12:24











  • I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

    – misorude
    Nov 22 '18 at 12:29











  • @misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

    – avi dahan
    Nov 22 '18 at 12:32
















1















I'm trying to figure out how to save data across different subdomains,
I've been researching this a lot and i'm about to give up.
The only solution that works is cookies because i can share them across subdomains but the problem is that those cookies (a bit large in size) sent on every http request to my server which causes issues with the header size.
other alternatives that i've found was the web storage (local storage/session storage ) but it's restricted with SOP , and using an embedded iframe and use postmessage to retrieve and write data is slow because the postmessage api is async which causes data retrieve/write to be slow.
I've tried setting the cookie "path" attribute to some random path and than inject an iframe with that random path and access the cookie via its contentDocument (No SOP restrictions) but again as soon as i append the iframe a network request to that path is executed and the huge header problem again... , I've also tried to use the window.history api to change the path of the document without requesting the new path but i can't access the new path cookies.
Any ideas / alternatives / before i'm giving up and switch to server side storage?



EDIT: i've also tried setting the "document.domain" to bypass the SOP restrictions but thats bad practise to load the main domain in every page just to be able to access its local storage.






javascript html cookies







share|improve this question

























  • Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

    – misorude
    Nov 22 '18 at 12:19











  • (If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

    – misorude
    Nov 22 '18 at 12:20











  • @misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

    – avi dahan
    Nov 22 '18 at 12:24











  • I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

    – misorude
    Nov 22 '18 at 12:29











  • @misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

    – avi dahan
    Nov 22 '18 at 12:32














1












1








1








I'm trying to figure out how to save data across different subdomains,
I've been researching this a lot and i'm about to give up.
The only solution that works is cookies because i can share them across subdomains but the problem is that those cookies (a bit large in size) sent on every http request to my server which causes issues with the header size.
other alternatives that i've found was the web storage (local storage/session storage ) but it's restricted with SOP , and using an embedded iframe and use postmessage to retrieve and write data is slow because the postmessage api is async which causes data retrieve/write to be slow.
I've tried setting the cookie "path" attribute to some random path and than inject an iframe with that random path and access the cookie via its contentDocument (No SOP restrictions) but again as soon as i append the iframe a network request to that path is executed and the huge header problem again... , I've also tried to use the window.history api to change the path of the document without requesting the new path but i can't access the new path cookies.
Any ideas / alternatives / before i'm giving up and switch to server side storage?



EDIT: i've also tried setting the "document.domain" to bypass the SOP restrictions but thats bad practise to load the main domain in every page just to be able to access its local storage.






javascript html cookies







share|improve this question
















I'm trying to figure out how to save data across different subdomains,
I've been researching this a lot and i'm about to give up.
The only solution that works is cookies because i can share them across subdomains but the problem is that those cookies (a bit large in size) sent on every http request to my server which causes issues with the header size.
other alternatives that i've found was the web storage (local storage/session storage ) but it's restricted with SOP , and using an embedded iframe and use postmessage to retrieve and write data is slow because the postmessage api is async which causes data retrieve/write to be slow.
I've tried setting the cookie "path" attribute to some random path and than inject an iframe with that random path and access the cookie via its contentDocument (No SOP restrictions) but again as soon as i append the iframe a network request to that path is executed and the huge header problem again... , I've also tried to use the window.history api to change the path of the document without requesting the new path but i can't access the new path cookies.
Any ideas / alternatives / before i'm giving up and switch to server side storage?



EDIT: i've also tried setting the "document.domain" to bypass the SOP restrictions but thats bad practise to load the main domain in every page just to be able to access its local storage.






javascript html cookies




javascript html cookies






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 '18 at 12:27







avi dahan

















asked Nov 22 '18 at 12:14









avi dahanavi dahan

1649




1649













  • Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

    – misorude
    Nov 22 '18 at 12:19











  • (If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

    – misorude
    Nov 22 '18 at 12:20











  • @misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

    – avi dahan
    Nov 22 '18 at 12:24











  • I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

    – misorude
    Nov 22 '18 at 12:29











  • @misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

    – avi dahan
    Nov 22 '18 at 12:32



















  • Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

    – misorude
    Nov 22 '18 at 12:19











  • (If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

    – misorude
    Nov 22 '18 at 12:20











  • @misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

    – avi dahan
    Nov 22 '18 at 12:24











  • I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

    – misorude
    Nov 22 '18 at 12:29











  • @misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

    – avi dahan
    Nov 22 '18 at 12:32

















Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

– misorude
Nov 22 '18 at 12:19





Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

– misorude
Nov 22 '18 at 12:19













(If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

– misorude
Nov 22 '18 at 12:20





(If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

– misorude
Nov 22 '18 at 12:20













@misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

– avi dahan
Nov 22 '18 at 12:24





@misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

– avi dahan
Nov 22 '18 at 12:24













I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

– misorude
Nov 22 '18 at 12:29





I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

– misorude
Nov 22 '18 at 12:29













@misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

– avi dahan
Nov 22 '18 at 12:32





@misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

– avi dahan
Nov 22 '18 at 12:32












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53430807%2fpersistent-storage-across-different-subdomains%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53430807%2fpersistent-storage-across-different-subdomains%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Can a sorcerer learn a 5th-level spell early by creating spell slots using the Font of Magic feature?

Image
28 6 $begingroup$ Per the Font of Magic feature, sorcerer can use Flexible Casting to create 5th-level spell slots at level 7, even though they are not typically available until level 9. You can transform unexpended sorcery points into one spell slot as a bonus action on your turn. The Creating Spell Slots table shows the cost of creating a spell slot of [5th level is 7] If such a sorcerer levels up while still having this 5th-level spell slot, can they choose a 5th-level spell as the spell they gain upon levelling up? The Spellcasting feature states: Additionally, when you gain a level in this class, you can choose one of the sorcerer spells you know and replace it with another spell from the sorcerer spell list, which also must be of a level for which you have spell slots.
Read more

Does disintegrating a polymorphed enemy still kill it after the 2018 errata?

Image
up vote 13 down vote favorite 1 After the 2018 errata, the disintegrate spell description now reads: A creature targeted by this spell must make a Dexterity saving throw. On a failed save, the target takes 10d6 + 40 force damage. The target is disintegrated if this damage leaves it with 0 hit points. If you were to polymorph an enemy into a rat and then disintegrate it, would the enemy be disintegrated or would it just return to its original form? I know that for Druids, it’s not an instant kill anymore, but is this the case for polymorph as well? dnd-5e spells polymorph errata share | improve this question edited 18 hours ago
Read more

A Topological Invariant for $pi_3(U(n))$

Image
3 3 $begingroup$ Recently, I saw a construction of topological invariant for $pi_3(U(n))$ with $ngeq 2$ : $$ N=frac{1}{24pi^2}int_{S^3} d^3x epsilon^{ijk} Tr[(U^{-1}partial_{x_i}U)(U^{-1}partial_{x_j}U)(U^{-1}partial_{x_k}U)] , $$ where $Uin U(n)$ depends on $boldsymbol{x}=(x_1,x_2,x_3)in S^3$ , $epsilon^{ijk}$ is the Levi-Civita symbol, $i,j,k=1,2,3$ , and the duplicated indexes are summed over. It is claimed that $N$ is an integer, but why? Update 02/02/2019 I think I got an argument for $n=2$ . In this case, $U=e^{i varphi} q$ with $qin SU(2)$ . Due to the trace and the Levi-Civita symbol in $N$ , $varphi$ does not contribute to $N$ . As $Tr[q^{dagger}partial_i q]=0$ and $(q^{dagger}partial_i q)^{dagger}=-q^{dagger}partial_i q$ , $q^{dagger}partial_i q$ in geneeral has the form $q^{dagger}partia
Read more