First I'm going to describe what their code does, why it can be problematic, and why it can feel difficult to locate the source of the error. Then I'll tell you how we solved it and give some recommendations on how other schools can fix the issue.
The JavaScript that produces the error message counts the number of cookies in the current session. They have decided that if you have more than 18 cookies in your session, that is too many, and so you receive the error message. Web Advisor by itself produces 16 cookies when the session is generated.
Their code only examines the number of cookies; it does not check whether a cookie actually belongs to Web Advisor. This can be an issue because of the hierarchical way different servers can read cookies.
For instance, let's say your user first visits http://myschool.edu. Our website for this URL generates 11 cookies. Then the user eventually logs onto Web Advisor at http://webadvisor.myschool.edu. Upon entering credentials, Web Advisor generates 16 cookies. However, webadvisor.myschool.edu can actually read cookies generated at myschool.edu. See the table below for more details.
| Current site | mys.edu | wa.mys.edu | www.mys.edu |
|---|---|---|---|
| mys.edu | XXXXXXXX | No | No |
| wa.mys.edu | Yes | XXXXXXXXXXXXXXX | No |
| www.mys.edu | Yes | No | XXXXXXXXXXX |
- Based on the table above, if you are on myschool.edu, it cannot read cookies for any of its subdomains.
- If you are at webadvisor.myschool.edu it can read cookies for its parent domain, but cannot view cookies for any siblings (such as www).
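The visibility rules in the table, and the effect of a count-only check, can be modelled as follows. This is an added example, not Web Advisor's code: it assumes the main site sets its cookies with `Domain=myschool.edu` (the case in which subdomains see them), and the cookie names, the `WA_` prefix and the three `www` cookies are constructed for illustration.

```javascript
// Constructed cookie jar. hostOnly=true means the cookie was set without a
// Domain attribute, so only the exact host that set it can see it.
function makeCookies(prefix, count, domain, hostOnly) {
  return Array.from({ length: count }, (_, i) => ({
    name: `${prefix}${i + 1}`, domain, hostOnly,
  }));
}

const jar = [
  ...makeCookies('site_', 11, 'myschool.edu', false),          // main site, Domain=myschool.edu
  ...makeCookies('WA_', 16, 'webadvisor.myschool.edu', true),  // Web Advisor session cookies
  ...makeCookies('www_', 3, 'www.myschool.edu', true),         // sibling host (constructed count)
];

// RFC 6265 domain matching: a host-only cookie needs an exact host match;
// a Domain cookie is also visible to every subdomain of that domain.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase();
  if (h === d) return true;
  return !cookie.hostOnly && h.endsWith('.' + d);
}

function visibleCookies(host, cookies) {
  return cookies.filter((c) => domainMatches(host, c));
}

// The check as described in the post: count everything visible, limit 18.
function countOnlyCheck(host, cookies, limit = 18) {
  return visibleCookies(host, cookies).length > limit;
}

// Ownership-aware variant: count only cookies whose name marks them as the
// application's own (the prefix is a hypothetical naming convention).
function ownedCheck(host, cookies, prefix, limit = 18) {
  const owned = visibleCookies(host, cookies).filter((c) => c.name.startsWith(prefix));
  return owned.length > limit;
}

for (const host of ['myschool.edu', 'www.myschool.edu', 'webadvisor.myschool.edu']) {
  console.log(host, visibleCookies(host, jar).length,
    countOnlyCheck(host, jar), ownedCheck(host, jar, 'WA_'));
}
```

On webadvisor.myschool.edu the count-only check sees 27 cookies and trips, while the ownership-aware check sees only the 16 that belong to the application.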
Similarly, this problem can manifest itself if you have an independent URL for your Web Advisor installation, for instance myschoolWA.com. If you allow access to the site via myschoolWA.com and then at some point that user is switched to www.myschoolWA.com, the user may experience the "too many cookies" error.
Ultimately this issue is not a Datatel or WebAdvisor problem in my opinion. I believe the problem lies within the browsers allowing a subdomain to access cookies of a parent website. While it certainly has its uses, it can also lead to cross-site scripting issues if you aren't careful. (Think student website under the myschool.edu domain.)
Remember that cookies are ultimately under the control of the user. So depending on the user's settings, you may not be able to delete cookies even if you tell it to do so. But trying to avoid the situation above should greatly reduce the number of users that receive this error message at your school.
Have a Merry Christmas and Happy Holidays to everyone!
Cya
Paul



3 comments:
I've just discovered your blog. Thanks for posting. The info is really enlightening about the Datatel products and the source of some of our problems.
- an instructor at a different Datatel CC
I humbly disagree....
The W3C has had some pretty clear specifications on COOKIE use and implementation for the developer writing web applications.
I've been in the web-dev biz for... almost as long as the web's been around, and I've never seen a web application handle cookies as poorly as WA does.
WA needs to be fixed in a lot of ways imho, but one of them for-sure is that it manage cookies better.
We recently ran into this problem, and it brought our WA usage to a standstill for a day or two until Datatel told us that it was the browser's fault... all browsers...
Not the best answer imho.
We followed their suggested modification path and upped the cookie limit to 50 (in the JavaScript error message), which matches what Firefox and IE have started to accept in the last few major releases of each browser.
It works, but it's not really the right answer.
And to second what Ami said... Love your blog :)
I certainly agree they handle cookies poorly. Put all the info into a single cookie! It's not too difficult to do.
Ami, glad you found the site. I don't always just blog about Datatel, but it seems to be the recent topic of choice.
I'll blog about anything that I find that either solves a big problem for me, provides what I think is a useful trick, or sometimes just a rant about something my employer did.