Hello,
is there any cookie configuration that don't allow the server to see
the data?
Or is there any workaround that holds javascript variables without sending them across the web?
I've used iframes for that, but it's not simple and flexibe enough.
Not too sure what you're trying to acheive here. Why would you not like the server to see the data? Do you need to remember the variable across multiple sessions or just during that particular session in the browser?
I crypt the userpassword+serverrandomnumber with md5(javascript implementation) and send the result to the server.
At the first time it's ok, but i need to keep the userpassword in the client
side during the user's navigation and do the test every time without asking to the user the password again.
Actually, the session is: md5(randomnumber + md5(password))
randomnumber -> is received from the server every access
md5(password) -> is necessary to javascript every access
it's not good send the password or the md5(password) to the server for security reasons. if it stays in client side, only the session var will be public