MSIE's Cookies Crumble
2006-08-31 02:49:14.597632+00 by
meuon
4 comments
So one of my tasks in the online learning world, it to be able to export what
looks like our online content management system PHP and MySQL driven interactive courses work in a tightly controlled stand alone environment as well. The tools: Static Web Pages, some flash, JavaScript and Cookies. No big deal, I'm just good enough at JavaScript now attempt it. Did it, The LAMP server exports a set of nice static HTML files with the JavaScript embedded in make them work like they are attached to a live system ie: You answer questions, and on the last page you get a nicely formatted 'quiz results page' and the last page has JavaScript that, behind the scenes makes a post to the launching "Learning Management System" that the person took the course, passed or failed, and what their final score was.
So I'm stuffing Cookies in the browser as questions are answered.. JavaScript is reading them, parsing them.. making things happen and it all works great in FireFox and Opera. It all seems to be working great in MSIE as well.. Life is good. Until we try it on bigger courses.. and find out that MSIE allows 20 cookies of 4kb each. Not 60 of 100 bytes. not even 21 of 100 bytes. 20 cookies. Then it FIFO's them.. Instead of other browsers that handle it as ?? Bytes, and you can stuff it any way you want (it seems so far).
ReWrite. Tomorrow I'll stuff 1 to 5 cookies with lots of data.. maybe import some static textual data from an XML or ASCII file as well to make it easier on brain dead M$IE.
[ related topics:
Web development Content Management Open Source Coyote Grits Nature and environment Robotics Theater & Plays Work, productivity and environment Embedded Devices Education Databases Gambling
]
comments in ascending chronological order (reverse):
#Comment Re: made: 2006-08-31 19:07:33.31621+00 by:
Dan Lyke
[edit history]
It looks like they are indeed within the spec. RFC2109, section 6.3: "Implementation Limits":
Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents should provide each of the following minimum capabilities individually, although not necessarily simultaneously:
- at least 300 cookies
- at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
- at least 20 cookies per unique host or domain name
User agents created for specific purposes or for limited-capacity
devices should provide at least 20 cookies of 4096 bytes, to ensure
that the user can interact with a session-based origin server.
The information in a Set-Cookie response header must be retained in its entirety. If for some reason there is inadequate space to store the cookie, it must be discarded, not truncated.
Applications should use as few and as small cookies as possible, and they should cope gracefully with the loss of a cookie.
It sucks, 'cause you've got to do more server side, but I'm a big fan of one token and a database, and a clean-up script that wipes stuff from the database after some extended period.
#Comment Re: made: 2006-08-31 19:59:26.357723+00 by:
meuon
[edit history]
Agreed on the token and a back end database. That's how our main systems (old and new) work. In this case specifically, for the FAA, I am extremely limited by the lack of a database or back end server of any kind beyond the most simple and basic AICC/HACP getParam/puParam's back to the launching system. Dispite wonderful projects like Moodle, the online learning world is a disaster area of inapproriate clashing paradigms. Lots of PHD's, complex specifications that attempt to make too many entities doing to many different things all happy.. and very little real world implementation of the resulting specs.
I've ended up stuffing ONE cookie with small tokens representing choices, the JavaScript then pulls a 'table' of all of the supporting data, and does it's things. It was easier for me to just parse the cookies.. if only MSIE supported about 50 small ones....
Rant over for now, I really need to start testing MSIE compatibility earlier in my coding process. It's just easy to do it all in Linux and Firefox and Opera.
#Comment Re: made: 2006-08-31 21:58:14.612238+00 by:
meuon
Additional Note: MSIE's JavaScript doesn't seem to like LONG strings. (6K+)
#Comment Re: made: 2006-09-01 06:48:28.278161+00 by:
Shawn
Are you building this product for an actual, acredited institution? I ask because my employer is currently working towards assembling (building and contracting) a collection of tools that can eventually replace WebCT/Blackboard.
...the online learning world is a disaster area...
<nod> Welcome to my world ;-)