Mark wrote:
I am designing a game for a forum. When the user has finished playing
I need to save their data to a cookie then navigate to a page which
holds their score data (I can't have both sets of data on the same
page because I can't control the forum design). The score data is
updated with the results held in the cookie and the cookie is deleted.
I need to stop the user just typing for example
javascript:document.cookie="myScore=1000000" into the address bar and
therefore cheating. How can I stop the user updating the cookie
through the address bar, other than through frames/popup window.
You cannot. This reads like a security related issue, so keep in mind
that you can never reliably prevent information stored client-side from
being manipulated. (And aside from being open to changes as well, you
do no good by using an iFrame.) You need to store the score server-side
like any other information that is subject to security.
Note that if you do this, AIUI you also need to inform the player that
his/her score is being saved on the server and they must agree to that
either before they are allowed to play or before it is saved (i.e. they
must be allowed to prevent their score from being saved/updated, and they
must be allowed to delete that information later). A score is information
related to an individual, so you need their explicit consent. Ref.: Data
protection, duty/obligation of secrecy/confidentiality.
HTH
PointedEars