Simon Willison’s Weblog

13th May 2008 - Link Blog

Session variables without cookies. Brilliant but terrifying hack—you can store up to 2 MB of data in window.name and it persists between multiple pages, even across domains. Doesn’t work with new tabs though, and storing JSON in it and eval()ing it is a bad idea—a malicious site could populate it before sending the user to you.

Posted 13th May 2008 at 9:59 pm

Recent articles

Porting the Moebius 0.2B image inpainting model to run in the browser with Claude Code - 22nd June 2026
sqlite-utils 4.0rc1 adds migrations and nested transactions - 21st June 2026
Datasette Apps: Host custom HTML applications inside Datasette - 18th June 2026

This is a link post by Simon Willison, posted on 13th May 2008.

crossdomainstorage 1 javascript 759 json 148 security 610 sessions 6

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe