How to store cookies (securely) and keep users logged in when they reopen the browser
How can I securely save a user's password in a cookie while still being able to access the password? I have a cookie that stores the username and a sha1 version of the password, but when I try to retrieve them I get (as expected) the username and the sha1 version of the password, not the password itself. Thanks!
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title></title>
</head>
<body>
<form id='my_login' name='my_login' action='<?php echo htmlentities($_SERVER['PHP_SELF']); ?>' method='post' accept-charset='UTF-8'>
<input type='hidden' name='submitted' id='submitted' value='1'/>
<label for='username'>Username: </label>
<input id='username' type='text' name='username' value='<?php if(isset($_COOKIE['username'])) echo htmlentities($_COOKIE['username']); ?>'/>
<br/>
<label for='password'>Password: </label>
<input id='password' type='password' name='password' value='<?php if(isset($_COOKIE['password'])) echo htmlentities($_COOKIE['password']); ?>'/>
<br/>
<label for="set_cookie">Remember Me</label>
<input type="checkbox" name="set_cookie" id="set_cookie" value="1"/>
<button id='submit' type='submit' name='submit'>login</button>
</form>
</body>
</html>
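How do I securely store the user's password in a cookie? Never store the user's password locally. Even with encryption that is currently considered secure, you are opening a huge potential security hole, because you are spreading the data for a possible attacker across a large number of client machines.
Instead, give the user a long-lived cookie with a random session ID. Give the session an expiry time in the future (storing it indefinitely is not a good idea; many sites limit it to 30 days). Have that ID automatically log the user in on the server.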
Also, when you use PHP setcookie, make sure you add the last param, httponly, as true.
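httponly: When TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. It has been suggested that this setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers), but that claim is often disputed. Added in PHP 5.2.0. TRUE or FALSE
Source: PHP setcookie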
This will lessen the ability for a cookie to be maliciously stolen by JavaScript.
If you can, also set the secure flag so that the cookie can only be sent over HTTPS.
Isn't that the same idea as a password? If a hacker gains control of that session ID, then they can log in, right? – 2011-12-26 16:02:23
@user yes - that is the inherent risk of every auto-login mechanism. But if a hacker steals the session ID – 2011-12-26 16:02:54
The hacker doesn't learn the user's *password*. Also - as Pekka points out, you should time-limit the validity of the session to minimize the time a compromised session is exposed. Even if a hacker gets the session cookie, they can only use it until (a) it expires, or (b) it is replaced by another valid user session when the user logs in with their password. If they get the password, they can keep logging in for as long as that password is valid. – tvanfosson 2011-12-26 16:05:20
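An added example of the approach the answers above describe (random long-lived token, 30-day expiry, httponly and secure flags); it is not code from the original posts, and it goes one step further by storing only a hash of the token and rotating it on each use. The cookie name `remember`, the function names and the in-memory `$store` array (a stand-in for the site's own database table) are assumptions.

```php
<?php
// Added example: remember-me with a random token instead of the password.
// $store is a constructed in-memory stand-in for a server-side table
// (token hash => [user_id, expires]); a real site would use its database.

const REMEMBER_TTL = 30 * 24 * 3600; // 30 days, the limit mentioned in the answer

function cookieOptions(int $expires): array {
    return [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,  // only sent over HTTPS
        'httponly' => true,  // not readable from JavaScript
    ];
}

// Call after a successful password login with "Remember Me" ticked.
function issueRememberToken(array &$store, int $userId): string {
    $token   = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $expires = time() + REMEMBER_TTL;
    // Only a hash is kept server-side, so a leaked table holds no usable cookie values.
    $store[hash('sha256', $token)] = ['user_id' => $userId, 'expires' => $expires];
    setcookie('remember', $token, cookieOptions($expires));
    return $token;
}

// Call on a request that has no active session. Returns the user id or null.
function loginFromRememberToken(array &$store, string $cookieValue): ?int {
    $key = hash('sha256', $cookieValue);
    $row = $store[$key] ?? null;
    unset($store[$key]); // single use: the presented token is always retired
    if ($row === null || $row['expires'] < time()) {
        setcookie('remember', '', cookieOptions(1)); // clear the stale cookie
        return null;
    }
    issueRememberToken($store, $row['user_id']); // fresh token for the next visit
    return $row['user_id'];
}

// Constructed demo: user 42 logs in, returns once, then the old token is replayed.
$store = [];
$first = issueRememberToken($store, 42);
$results = [
    loginFromRememberToken($store, $first), // returning visit with the valid token
    loginFromRememberToken($store, $first), // replay of the token that was just rotated
];
var_dump($results);
```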