Home > Fluid Dynamics Search Engine > Help > 1187

Features of the admin interface which depend on Javascript and cookies

The Fluid Dynamics Search Engine admin interface is designed to work with any web browser, even with cookies and Javascript disabled. However, there are some advantages to enabling them.

Javascript

A few optional features use Javascript if it is available. These are:

Cookies

FDSE uses a session-based login system. Login tokens are stored in a session cookie, if the browser supports this. Otherwise, the login token is stored in the query string.

Tokens stored in the query string are much more vulnerable to "session hijack" attacks, because the token is present and stored in all admin URL strings. These URL strings, in turn, are stored in proxies, in server logs, in the browser history, and so on. URL-based tokens may also be sent to other sites in the referring URL. Cookies, on the other hand, are kept much more private.

FDSE administrators are strongly encouraged to enable session cookies, at least within the browser and web site running FDSE.


    "Features of the admin interface which depend on Javascript and cookies"
    http://www.xav.com/scripts/search/help/1187.html