PDA

View Full Version : Recall Form Values 2 - Using across different domains



robarco
02-06-2007, 03:44 PM
Recall Form Values 2

http://www.dynamicdrive.com/dynamicindex16/formremember2.htm

Would like to know whether this script could be used on 2 near-identical forms across domains.

Basically, we have a normal form, and we offer a 2nd, secure version of the same form (which also has some unimportant added form fields, at the base of the form, not necessary to remember). This 2nd form is on a different domain.

Thanks

Max

jscheuer1
02-06-2007, 05:02 PM
Not as far as I know. There might be a server-side solution - say if both servers could access the same database - but, on the client side, thankfully no. This script should never be used with secure data anyway.

robarco
02-06-2007, 05:47 PM
I would guess that this would be a browser security thing, such that websites would not read cookies set by other websites, and that therefore this is an absolute no? ie it's not really an identification of the form issue?

Re secure fields, it would really only be the form 2 which would have sensitive data, which would not be remembered - but that's not really the problem here.

Appreciate your confirmation of the above?

M thanks

jscheuer1
02-06-2007, 07:39 PM
Yes, it has to do with cookies. Javascript cookies can only be read by javascript on the domain on which they are set. If the data that you wish to pass is truly unsecure - meaning that it wouldn't matter if users altered and shared it among themselves with the ability to enter it back into the secure form with no validation control on the data itself other than that contained on the secure form - then other things could be done. This would be bad for shopping sites for example. Users could total up a big order then change the price to a dollar but leave the item and quantity data unchanged.

If nothing even remotely like that is a concern, then you could pass the data as get data on the address line (possibly even as hidden post data, I'm not sure about that part), picking it up on the secure page with a server side language like PHP or asp/VBasic.

robarco
02-07-2007, 10:58 AM
Thanks again. As you say the data security is not a concern in this case. We do actually pass on a single value through 2 pages, even across domains, via the URL without any server side scripting, obviously to pass on everything is a bit more involving, but I guess that's the way to go, was just hoping that there was a simpler way to do it!

I'm not a coder, just a "lets take a look at what's going on and tweak/replicate it" person, hence the need ;-)

Thanks

jscheuer1
02-07-2007, 11:21 PM
This post has a neat routine for parsing the query using javascript:

http://www.dynamicdrive.com/forums/showpost.php?p=49382&postcount=10