Comments on: JavaScript library and .swf for cross-domain flash cookies

By: nFriedly

nFriedly — Thu, 27 Oct 2011 21:59:54 +0000

No problem. I just added some additional comments to the ActionScript file to clarify things there also.

By: Lord Vader

Lord Vader — Thu, 27 Oct 2011 21:12:43 +0000

Awesome! Thanks for the quick response!

By: nFriedly

nFriedly — Thu, 27 Oct 2011 20:05:53 +0000

Hi Vader,

You’re close, it would actually be just the domain part, so in my case:

Security.allowDomain(“nfriedly.com”);

Or, to support multiple domains / subdomains, I believe you would have to do:

Security.allowDomain(“nfriedly.com”, “www.nfriedly.com”);

And then if you want the file to be accessible across http/https boundaries (where the .swf is https but the page is http or vice versa), you also need to do the same with:

Security.allowInsecureDomain(“nfriedly.com”, “www.nfriedly.com”);

You can find more details here:
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/Security.html#allowDomain%28%29

By: Lord Vader

Lord Vader — Thu, 27 Oct 2011 02:57:17 +0000

Hi Nathan,

Thanks for putting this together. In the readme you mention “It would be wise to edit and recompile the flash file to limit itself to your domain and http/https settings.” Where do you fix this?

Looking at Storage.as, would it be this?
Security.allowDomain(“*”);

For example, to only allow your domain, would you just edit the value to something like:
Security.allowDomain(“http://nfriedly.com/”);

If so, how does that work with sub-domains, or even with www? Thanks for your help!

By: nFriedly

nFriedly — Wed, 20 Jul 2011 21:32:07 +0000

I’m not sure… It works for me in Opera 11.5 / OS X 10.6.8 / Flash 10,3,181,34 debug. What versions / OS are you running? (Flash player version is here: http://kb2.adobe.com/cps/155/tn_15507.html)

That page also tells whether or not it has Local File I/O Enabled. I’m not positive, but I think that’s a requirement. Is it enabled on your system?

I’m moving soon, so I really can’t jump on this right away. If you want to dig into it more without me though, you’re more than welcome to. If you come up with anything, definitely let me know. I know there’s a debug version of flash player at http://www.adobe.com/support/flashplayer/downloads.html, but I don’t know a lot about working with it.

Thanks for the compliments

By: Jona

Jona — Tue, 19 Jul 2011 13:37:11 +0000

It’s partially working in Opera (checked in v11.10).
The script can create the flash object but it can’t get the value: swfStore.get(key) returns ‘undefined’.

I have tried to debug the script (using Opera Dragonfly) but the browser crash when I look at the ‘swf’ object.

Any ideas?

BTW: Awesome piece of code, well written and commented!!

By: Nathan

Nathan — Fri, 15 Apr 2011 18:39:15 +0000

I have to say not only is this a quality piece of code but Nathan’s a quality guy to boot!

Thanks for the help.

For whatever its worth, we at yousoft (shameless plug: http://www.yousoft.co.uk) use it for one of our clients.

Specifically they require users to use a cool piece of javascript that scrapes content from sites and creates wish lists (great for weddings, birthdays etc).

Thanks to Nathan users don’t have to log in every time they view another page

Great work!!

By: nFriedly

nFriedly — Wed, 06 Apr 2011 03:45:29 +0000

No donation button, although I do appreciate the thought

Code contributions and links back to my site, however are greatly appreciated.

By: Danny

Danny — Wed, 06 Apr 2011 03:10:03 +0000

Where is your donation button? I love to pay a small amount over PayPal for your work. Not much because I am a poor guy from Vietnam. But it helps me a lot to learn about JS and Flash Actionscript

By: nFriedly

nFriedly — Wed, 06 Apr 2011 03:03:01 +0000

Done. I also left a note in the readme that users should try to limit the domains and compile a custom, more secure .swf if possible.

As always, everything is on github: https://github.com/nfriedly/Javascript-Flash-Cookies

Thanks for the feedback, let me know once your site is live.