Client only cookies - cookie which doesn't ever go to the server

I know it´s a little late for you, but this answer is for all who have the same problem.

1) With HTML5 you can use [web storage][1].

2) (Just an idea! - not tested!) You could define a cookie (via javascript on client) and set the "secure"-attribute. In this case, the cookie will only be sent to the server on HTTPS connections. To make sure the cookie never leaves the browser, you just never open a HTTPS connection ;-)


If browser compatibility is a concern you can use a some javascript to wrap around various different technologies. Older versions of IE support (supprise supprise) a proprietary version of localstorage called userData (I don't think it's exactly the same, but should do what you need).

A wrapper script like http://www.jstorage.info/ or https://github.com/marcuswestin/store.js should do what you need it to do.


I'm 100% sure that there is no way to force cookies to be client-side only, they are allways sent to server. There is however possible to do the opposite: server-side only cookies (not readable by javascript) by setting HttpOnly flag on cookie.