FDSE :: Help :: Features of the admin interface which depend on Javascript and cookies

Home > Fluid Dynamics Search Engine > Help > 1187

Features of the admin interface which depend on Javascript and cookies

The Fluid Dynamics Search Engine admin interface is designed to work with any web browser, even with cookies and Javascript disabled. However, there are some advantages to enabling them.

Javascript

A few optional features use Javascript if it is available. These are:

On Internet Explorer browsers with Javascript enabled, the "uncontrolled exit" warnings will appear when the underlying Perl process is killed. These warnings link to Dealing with server timeouts and killed processes.

These script-based messages are the only warnings available for killed processes. When the Perl process is killed and the admin does not have Javascript enabled, the screen will be blank or will contain only partial content. The admin will not know what went wrong or why. The admin may not even realize that an error occurred.
The long-running index rebuild actions, which span multiple CGI executions using META refresh, will no longer automatically refresh if they experience a server timeout or a killed process (a timeout causes the Perl process to die before the final META refresh is printed). However, when using Internet Explorer with Javascript enabled, the rebuild action will automatically restart itself after a short sleep interval.
On any browser with Javascript enabled, action links labeled "check all" and "clear all" will appear immediately above or below large sets of records that all have checkboxes or radio buttons associated with them. These action links make it easy to quickly select or unselect all items.
When setting a new admin password, Javascript can validate that the new passwords match before the form is submitted.

Cookies

FDSE uses a session-based login system. Login tokens are stored in a session cookie, if the browser supports this. Otherwise, the login token is stored in the query string.

Tokens stored in the query string are much more vulnerable to "session hijack" attacks, because the token is present and stored in all admin URL strings. These URL strings, in turn, are stored in proxies, in server logs, in the browser history, and so on. URL-based tokens may also be sent to other sites in the referring URL. Cookies, on the other hand, are kept much more private.

FDSE administrators are strongly encouraged to enable session cookies, at least within the browser and web site running FDSE.

    "Features of the admin interface which depend on Javascript and cookies"
    http://www.xav.com/scripts/search/help/1187.html