There are actually several different ways to save material on a client machine:
Use cookies
Use a third-party plug-in such as Flash
Ask the user to right-click on an element and save it to his local directory
Attach a downloadable file to a link, where clicking on the link opens a dialog and tells the user to save the file
Create a browser extension, which is then downloaded and installed
A cookie name, a value, an expiration date for the cookie, and a path associated with the cookie.
Do not provide an expiration date.
Any data that can be invoked in the browser, or can be used to snoop around a clientâ??s cookies, or even run a server-side process. In particular, the phrase, javascript: or script tags should be scrubbed from input.
However, this isnâ??t as cleanly defined as you would think. For content-management tools, it may be feasible for a person to enter script into a specific posting or page. But in a multiuser environment, an individual could use script to find out information about the other users of the system.
Look at any input field with suspicion and ask yourself, who can enter data through the field, and do I trust them 100 percent? Then scrub the data.
There is no right or wrong answer for this question. Here are some uses of cookies Iâ??ve seen:
To maintain a personâ??s username and URL and email for a comment system
To provide live feedback on data entries
To enable a spell checker
To store login information
To maintain a shopping cart
Iâ??ve never run up against the 4 K cookie limit in any of these cases.