undefined | Better HN

0 pointsfreeone30005y ago0 comments

what if we remove the JS, and just had the web browser echo a defined string back to the server? if this token uniquely identified the session, we could safely store the data server-side, with minimal leakage to other sites and no need for code execution at all!

0 comments

2 comments · 1 top-level

rank05y ago· 1 in thread

I can't tell if you're joking or not but this clearly already exists via HTTP headers.

freeone3000OP5y ago

Yes, including the echo, this is literally cookies.

j / k navigate · click thread line to collapse