From 2f57c6c54bceb7d1be061d6f37b501dd6a58eaa4 Mon Sep 17 00:00:00 2001 From: Osmium Sorcerer Date: Tue, 7 Apr 2026 02:55:26 +0000 Subject: Replace cookies with localStorage Cookies's use case is to store persistent data and send it to the server in subsequent requests, such as to remember logged-in sessions. WebAO is using them to store site settings like ad-hoc hash tables that require parsing and serialization. As a nasty side-effect of how cookies work, clients send all their settings every time they connect to the server. Server has absolutely no use for them, but each client sends them anyway, which is an uncalled-for privacy leak. Remove this mechanism entirely, switch to localStorage which serves exactly the purpose of per-origin store with data that never leaves the browser. --- webAO/client.ts | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'webAO/client.ts') diff --git a/webAO/client.ts b/webAO/client.ts index 703ce73..ca53173 100644 --- a/webAO/client.ts +++ b/webAO/client.ts @@ -21,8 +21,6 @@ import { fetchEvidenceList, fetchCharacterList, } from "./client/fetchLists"; -import getCookie from "./utils/getCookie"; -import setCookie from "./utils/setCookie"; const { ip: serverIP, connect, mode, theme, serverName, char: autoChar, area: autoArea } = queryParser(); export { autoChar, autoArea }; @@ -262,8 +260,8 @@ class Client extends EventEmitter { */ joinServer() { this.sender.sendServer(`HI#${hdid}#%`); - if (this.enableCaptcha && getCookie("hdid") !== hdid) { - this.sender.sendServer(getCookie("hdid")); + if (this.enableCaptcha && localStorage.getItem("hdid") !== hdid) { + this.sender.sendServer(localStorage.getItem("hdid")); document.getElementById("client_secondfactor").style.display = "block"; document.getElementById("client_charselect").remove(); document.getElementById("client_ooc").remove(); -- cgit