5

I have a lobby written in HTML5 / JavaScript. A .json file provides a few config parameters for the lobby and for the various other HTML5 games that can be launched from it. These parameters can either be passed to the games in the window.open string, in the form of:

window.open("http://www.myLovelyDomain.com/index.html?username=bob&token=aaaXXX")

or could be held in localStorage and accessed by the game following its launch.

My question is, what is the best (most secure/likely to cause least errors/etc) method? I know users can turn off localStorage, but I don't know how many do. Any thoughts?

Simple Simon
  • `localStorage` is much less likely to be user-edited or copy/pasted to a different user and will persist across sessions, but it means your server can't `$_GET` the data directly if you want user/token-specific code sent (you'd need to ajax for it). – Paul S. Nov 13 '12 at 09:59
  • The user must login in order to launch the games, opening a session which is connected to that specific browser instance so copy/pasting parameters across to a different user isn't possible. Anything else I should be thinking about? – Simple Simon Nov 13 '12 at 11:19
  • You have a wider choice of characters and can store more data. That it doesn't pass to the server also means less bandwidth usage. You could store the entire .json file in it if contents are static enough. (Although if you're using a [manifest](https://developer.mozilla.org/en-US/docs/HTML/Using_the_application_cache) that may be unnecessary) – Paul S. Nov 13 '12 at 12:32
  • Seeing as nobody else has anything to say on this subject, if you put your comments into an answer, @Paul S. and I'll accept your answer. Thanks for the help. – Simple Simon Nov 14 '12 at 07:43

1 Answer

7

Advantages of localStorage over URL query strings

  • Less likely to be user edited
  • Less likely to be copy&pasted to someone else
  • Can persist across sessions
  • Wider choice of characters
  • (Marginally) less bandwidth usage (shorter GETs)
  • Can store whole files
  • Invisible to basic user

Disadvantages

  • Server doesn't get access to the variables without additional ajax
  • May be harder to debug
  • May need extra checks if things change every session (or consider sessionStorage)
  • Not supported by old browsers
  • Can't use cross-domain directly (may be advantage, depending on how you look at it)

For supported list and max sizes see here.

Paul S.
  • 4
    One more disadvantage I think is that if you open more than one tab, you won't be able to open pages with different data as you could do with query strings (Unless you use `sessionStorage`) – Azat Jul 22 '14 at 10:24
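
The trade-offs listed in the answer and the multi-tab comment can be combined in one hand-off routine. The following is an added example, not code from the question or the answer: the lobby stores the parameters under a per-launch key so the token stays out of the URL and several tabs can hold different data, and it falls back to an encoded query string when storage is disabled or unsupported. The function names, the `launch:` key prefix and the `launch` URL parameter are assumptions, and the lobby and game are assumed to share one origin.

```javascript
// Added example; all names here are hypothetical, not from the original post.

// Storage may be missing (old browsers) or throw on use (disabled by the user).
function storageUsable(storage) {
  try {
    storage.setItem("__probe__", "1");
    storage.removeItem("__probe__");
    return true;
  } catch (e) {
    return false;
  }
}

// Lobby side: returns the URL to hand to window.open().
// launchId should be a fresh random value per launch (one per opened tab).
function buildLaunch(baseUrl, params, storage, launchId) {
  if (storageUsable(storage)) {
    // Only an opaque key travels in the URL; username and token stay in storage.
    storage.setItem("launch:" + launchId, JSON.stringify(params));
    return baseUrl + "?launch=" + encodeURIComponent(launchId);
  }
  // Fallback: query string with every key and value percent-encoded.
  const query = Object.keys(params)
    .map((k) => encodeURIComponent(k) + "=" + encodeURIComponent(params[k]))
    .join("&");
  return baseUrl + "?" + query;
}

// Game side: recover the parameters from whichever channel the lobby used.
function readLaunch(url, storage) {
  const search = new URL(url).searchParams;
  const launchId = search.get("launch");
  if (launchId !== null) {
    if (!storageUsable(storage)) return null;
    const key = "launch:" + launchId;
    const raw = storage.getItem(key);
    if (raw === null) return null; // stale, reused or hand-edited link
    storage.removeItem(key); // one-shot: do not leave the token behind
    return JSON.parse(raw);
  }
  const out = {};
  search.forEach((value, name) => { out[name] = value; });
  return Object.keys(out).length > 0 ? out : null;
}
```

In a browser the lobby would call `window.open(buildLaunch(url, params, window.localStorage, id))` and the game would call `readLaunch(window.location.href, window.localStorage)`.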