问题描述：

å¦‚ä½•å®‰å…¨åœ°åœ¨Cookieä¸ä¿å˜ç”¨æˆ·çš„å¯†ç ï¼ŒåŒæ—¶ä»ç„¶èƒ½å¤Ÿè®¿é—®å¯†ç ï¼Ÿæˆ‘æœ‰ä¸€ä¸ªå˜å‚¨å¯†ç çš„ç”¨æˆ·åå’Œsha1ç‰ˆæœ¬çš„cookieï¼Œä½†å½“æˆ‘å°è¯•æ£€ç´¢å®ƒä»¬æ—¶ï¼Œæˆ‘å¾—åˆ°äº†ï¼ˆå¦‚é¢„æœŸçš„ï¼‰ç”¨æˆ·åå’Œsha1ç‰ˆæœ¬çš„å¯†ç ï¼Œè€Œä¸æ˜¯å¯†ç æœ¬èº«ã€‚è°¢è°¢ï¼å¦‚ä½•å˜å‚¨çš„cookieï¼ˆå®‰å…¨ï¼‰ï¼Œå¹¶ä¿æŒç”¨æˆ·ç™»å½•æ—¶ï¼Œä»–ä»¬é‡æ–°æ‰“å¼€æµè§ˆå™¨

<!DOCTYPE html> 
<html> 
    <head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> 
<title></title> 
    </head> 
<body> 

<form id='my_login' name='my_login' action='<?php htmlentities($_SERVER['PHP_SELF'])?>' method='post' accept-charset='UTF-8'> 
<input type='hidden' name='submitted' id='submitted' value='1'/> 
<label for='username'>Username: </label> 
<input id='username' type='text' name='username' value='<?php if(isset($_COOKIE['username'])) echo htmlentities($_COOKIE['username']); ?>'/> 
<br/> 
<label for='username'>Password: </label> 
<input id='password' type='password' name='password' value='<?php if(isset($_COOKIE['password'])) echo htmlentities($_COOKIE['password']); ?>'/> 
<br/> 
    <label for "set_cookie">Remember Me</label> 
<input type="checkbox" name="set_cookie" id="set_cookie" value="1"/> 
<button id='submit' type='submit' name='submit'>login</button> 
    </form> 

    </body> 
    <html>

答

å¦‚ä½•å®‰å…¨åœ°åœ¨cookie

å˜å‚¨ç”¨æˆ·å¯†ç ï¼Œåˆ‡å‹¿å°†æœ¬åœ°ç”¨æˆ·çš„å¯†ç ã€‚å³ä½¿ä½¿ç”¨å½“å‰è¢«è®¤ä¸ºæ˜¯å®‰å…¨çš„åŠ å¯†æŠ€æœ¯ï¼Œæ‚¨ä¹Ÿæ£åœ¨å¼€æ”¾å·¨å¤§çš„æ½œåœ¨å®‰å…¨æ¼æ´žï¼Œå› ä¸ºæ‚¨æ£åœ¨è·¨è¶Šå¤§é‡å®¢æˆ·ç«¯è®¡ç®—æœºä¸ºå¯èƒ½çš„æ”»å‡»è€…ä¼ æ’æ•°æ®ã€‚

ç»™ç”¨æˆ·æä¾›ï¼Œè€Œä¸æ˜¯ä¸€ä¸ªéšæœºä¼šè¯IDä¸€ä¸ªé•¿æœŸçš„cookieã€‚ä¸ºå°†æ¥çš„ä¼šè¯æä¾›ä¸€ä¸ªåˆ°æœŸæ—¶é—´ï¼ˆæ— é™æœŸåœ°å˜å‚¨å®ƒä¸æ˜¯ä¸€ä¸ªå¥½ä¸»æ„ï¼Œè®¸å¤šç½‘ç«™å°†å…¶é™åˆ¶ä¸º30å¤©ï¼‰ã€‚è®©è¯¥IDåœ¨æœåŠ¡å™¨ä¸Šè‡ªåŠ¨ç™»å½•ç”¨æˆ·ã€‚

æ˜¯ä¸æ˜¯ä¸Žå¯†ç ä¸€æ ·çš„æƒ³æ³•ï¼Ÿå¦‚æžœé»‘å®¢èŽ·å¾—äº†è¯¥ä¼šè¯IDçš„æŽ§åˆ¶æƒï¼Œé‚£ä¹ˆä»–ä»¬å¯ä»¥ç™»å½•ï¼Œå¯¹å§ï¼Ÿ â€“ 2011-12-26 16:02:23

@user yes - è¿™æ˜¯æ¯ä¸ªè‡ªåŠ¨ç™»å½•æœºåˆ¶çš„å›ºæœ‰é£Žé™©ã€‚ä½†æ˜¯ï¼Œå¦‚æžœé»‘å®¢çªƒå–ä¼šè¯ID â€“ 2011-12-26 16:02:54

ï¼Œé»‘å®¢ä¸ä¼šå¦ä¹ ç”¨æˆ·çš„*å¯†ç ã€‚å¦å¤– - æ£å¦‚Pekkaæ‰€æŒ‡å‡ºçš„é‚£æ ·ï¼Œæ‚¨åº”è¯¥æœ‰æ—¶é—´é™åˆ¶ä¼šè¯çš„æœ‰æ•ˆæ€§ï¼Œä»¥æœ€å¤§é™åº¦åœ°å‡å°‘å—åˆ°å¨èƒçš„ä¼šè¯æ‰€å¤„çš„æ—¶é—´ã€‚å³ä½¿é»‘å®¢èŽ·å¾—ä¼šè¯cookieï¼Œä»–ä»¬ä¹Ÿåªèƒ½ä½¿ç”¨å®ƒï¼Œç›´åˆ°ï¼ˆaï¼‰å®ƒåˆ°æœŸï¼Œæˆ–è€…ï¼ˆbï¼‰å½“ç”¨æˆ·ä½¿ç”¨å…¶å¯†ç ç™»å½•æ—¶ï¼Œå®ƒä¼šè¢«å¦ä¸€ä¸ªæœ‰æ•ˆçš„ç”¨æˆ·ä¼šè¯æ›¿æ¢ã€‚å¦‚æžœä»–ä»¬èŽ·å¾—å¯†ç ï¼Œåªè¦è¯¥å¯†ç æœ‰æ•ˆï¼Œä»–ä»¬å°±å¯ä»¥ç»§ç»ç™»å½•ã€‚ â€“ tvanfosson 2011-12-26 16:05:20

答

æ¤å¤–ï¼Œå½“æ‚¨ä½¿ç”¨PHP setcookieç¡®ä¿æ‚¨çš„æœ€åŽä¸€ä¸ªPARAM httponlyæ·»åŠ ä¸ºtrueã€‚

çš„HttpOnly

ä¸ºTRUEæ—¶ï¼Œcookieå°†ä»…é€šè¿‡HTTPåè®®è¿›è¡Œè®¿é—®ã€‚è¿™æ„å‘³ç€cookieä¸èƒ½è¢«è„šæœ¬è¯è¨€ï¼ˆå¦‚JavaScriptï¼‰è®¿é—®ã€‚æœ‰äººè®¤ä¸ºï¼Œè¿™ç§è®¾ç½®å¯ä»¥é€šè¿‡XSSæ”»å‡»æœ‰æ•ˆåœ°å¸®åŠ©å‡å°‘èº«ä»½ç›—ç”¨ï¼ˆå°½ç®¡å®ƒä¸å—æ‰€æœ‰æµè§ˆå™¨çš„æ”¯æŒï¼‰ï¼Œä½†æ˜¯è¿™ç§è¯´æ³•å¾€å¾€å˜åœ¨äº‰è®®ã€‚åœ¨PHP 5.2.0ä¸æ·»åŠ ã€‚ TRUEæˆ–FALSE

æ¥æºï¼šPHP setcookie

è¿™å°†èƒ½å¤Ÿç”±JavaScriptè¢«åŠ«æŒå‡è½»é¥¼å¹²ã€‚

å¦‚æžœæ‚¨è¿˜å¯ä»¥è®¾ç½®secureæ ‡å¿—åªèƒ½é€šè¿‡HTTPSæ¥å‘é€cookieçš„èƒ½åŠ›ã€‚

å¦ä½å­å¨çcookieï¼å®å ¨ï¼ï¼å¹¶ä¿æç¨æ·ç»å½æ¶ï¼ä»ä»¬éæ°æå¼æµè§å¨

相关推荐

å¦ä½åå¨çcookieï¼å®å¨ï¼ï¼å¹¶ä¿æç¨æ·ç»å½æ¶ï¼ä»ä»¬éæ°æå¼æµè§å¨