persistent storage across different subdomains












1















I'm trying to figure out how to save data across different subdomains,
I've been researching this a lot and i'm about to give up.
The only solution that works is cookies because i can share them across subdomains but the problem is that those cookies (a bit large in size) sent on every http request to my server which causes issues with the header size.
other alternatives that i've found was the web storage (local storage/session storage ) but it's restricted with SOP , and using an embedded iframe and use postmessage to retrieve and write data is slow because the postmessage api is async which causes data retrieve/write to be slow.
I've tried setting the cookie "path" attribute to some random path and than inject an iframe with that random path and access the cookie via its contentDocument (No SOP restrictions) but again as soon as i append the iframe a network request to that path is executed and the huge header problem again... , I've also tried to use the window.history api to change the path of the document without requesting the new path but i can't access the new path cookies.
Any ideas / alternatives / before i'm giving up and switch to server side storage?



EDIT: i've also tried setting the "document.domain" to bypass the SOP restrictions but thats bad practise to load the main domain in every page just to be able to access its local storage.










share|improve this question

























  • Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

    – misorude
    Nov 22 '18 at 12:19











  • (If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

    – misorude
    Nov 22 '18 at 12:20











  • @misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

    – avi dahan
    Nov 22 '18 at 12:24











  • I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

    – misorude
    Nov 22 '18 at 12:29











  • @misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

    – avi dahan
    Nov 22 '18 at 12:32
















1















I'm trying to figure out how to save data across different subdomains,
I've been researching this a lot and i'm about to give up.
The only solution that works is cookies because i can share them across subdomains but the problem is that those cookies (a bit large in size) sent on every http request to my server which causes issues with the header size.
other alternatives that i've found was the web storage (local storage/session storage ) but it's restricted with SOP , and using an embedded iframe and use postmessage to retrieve and write data is slow because the postmessage api is async which causes data retrieve/write to be slow.
I've tried setting the cookie "path" attribute to some random path and than inject an iframe with that random path and access the cookie via its contentDocument (No SOP restrictions) but again as soon as i append the iframe a network request to that path is executed and the huge header problem again... , I've also tried to use the window.history api to change the path of the document without requesting the new path but i can't access the new path cookies.
Any ideas / alternatives / before i'm giving up and switch to server side storage?



EDIT: i've also tried setting the "document.domain" to bypass the SOP restrictions but thats bad practise to load the main domain in every page just to be able to access its local storage.










share|improve this question

























  • Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

    – misorude
    Nov 22 '18 at 12:19











  • (If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

    – misorude
    Nov 22 '18 at 12:20











  • @misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

    – avi dahan
    Nov 22 '18 at 12:24











  • I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

    – misorude
    Nov 22 '18 at 12:29











  • @misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

    – avi dahan
    Nov 22 '18 at 12:32














1












1








1








I'm trying to figure out how to save data across different subdomains,
I've been researching this a lot and i'm about to give up.
The only solution that works is cookies because i can share them across subdomains but the problem is that those cookies (a bit large in size) sent on every http request to my server which causes issues with the header size.
other alternatives that i've found was the web storage (local storage/session storage ) but it's restricted with SOP , and using an embedded iframe and use postmessage to retrieve and write data is slow because the postmessage api is async which causes data retrieve/write to be slow.
I've tried setting the cookie "path" attribute to some random path and than inject an iframe with that random path and access the cookie via its contentDocument (No SOP restrictions) but again as soon as i append the iframe a network request to that path is executed and the huge header problem again... , I've also tried to use the window.history api to change the path of the document without requesting the new path but i can't access the new path cookies.
Any ideas / alternatives / before i'm giving up and switch to server side storage?



EDIT: i've also tried setting the "document.domain" to bypass the SOP restrictions but thats bad practise to load the main domain in every page just to be able to access its local storage.










share|improve this question
















I'm trying to figure out how to save data across different subdomains,
I've been researching this a lot and i'm about to give up.
The only solution that works is cookies because i can share them across subdomains but the problem is that those cookies (a bit large in size) sent on every http request to my server which causes issues with the header size.
other alternatives that i've found was the web storage (local storage/session storage ) but it's restricted with SOP , and using an embedded iframe and use postmessage to retrieve and write data is slow because the postmessage api is async which causes data retrieve/write to be slow.
I've tried setting the cookie "path" attribute to some random path and than inject an iframe with that random path and access the cookie via its contentDocument (No SOP restrictions) but again as soon as i append the iframe a network request to that path is executed and the huge header problem again... , I've also tried to use the window.history api to change the path of the document without requesting the new path but i can't access the new path cookies.
Any ideas / alternatives / before i'm giving up and switch to server side storage?



EDIT: i've also tried setting the "document.domain" to bypass the SOP restrictions but thats bad practise to load the main domain in every page just to be able to access its local storage.







javascript html cookies






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 '18 at 12:27







avi dahan

















asked Nov 22 '18 at 12:14









avi dahanavi dahan

1649




1649













  • Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

    – misorude
    Nov 22 '18 at 12:19











  • (If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

    – misorude
    Nov 22 '18 at 12:20











  • @misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

    – avi dahan
    Nov 22 '18 at 12:24











  • I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

    – misorude
    Nov 22 '18 at 12:29











  • @misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

    – avi dahan
    Nov 22 '18 at 12:32



















  • Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

    – misorude
    Nov 22 '18 at 12:19











  • (If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

    – misorude
    Nov 22 '18 at 12:20











  • @misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

    – avi dahan
    Nov 22 '18 at 12:24











  • I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

    – misorude
    Nov 22 '18 at 12:29











  • @misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

    – avi dahan
    Nov 22 '18 at 12:32

















Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

– misorude
Nov 22 '18 at 12:19





Have you tried whether setting document.domain can help with the SOP issues when it comes to local/sessionStorage?

– misorude
Nov 22 '18 at 12:19













(If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

– misorude
Nov 22 '18 at 12:20





(If not, it should at least allow iframe access across the subdomain border, so that you would not have to use postMessage, but can access methods and properties of the document loaded into the iframe directly.)

– misorude
Nov 22 '18 at 12:20













@misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

– avi dahan
Nov 22 '18 at 12:24





@misorude i did read about it but that's a bit like using a bazooka to kill a fly , because i will actually load all the resources and the entire webpage of the main domain every time .

– avi dahan
Nov 22 '18 at 12:24













I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

– misorude
Nov 22 '18 at 12:29





I don’t see the problem, it will only load what you tell it to load …? If you only want to load something from the main domain to be able to access its storage – well then don’t load your full, main document with s-loads of external scripts, stylesheets and images embedded - but only a minimal document that contains only what you need for this purpose …?

– misorude
Nov 22 '18 at 12:29













@misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

– avi dahan
Nov 22 '18 at 12:32





@misorude you are right ,but i'm developing a third party js library that others will use so i don't have control over the users servers

– avi dahan
Nov 22 '18 at 12:32












0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53430807%2fpersistent-storage-across-different-subdomains%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53430807%2fpersistent-storage-across-different-subdomains%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

"Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

Alcedinidae

Origin of the phrase “under your belt”?