How does cookie based authentication work?


Question

Can someone give me a step by step description of how cookie based authentication works? I've never done anything involving either authentication or cookies. What does the browser need to do? What does the server need to do? In what order? How do we keep things secure?

I've been reading about different types of authentication and about cookies but I would like a basic description of how to use the two together - I've only read that they are often used together but could not find a description of how.

Recommended answer

A cookie is basically just an item in a dictionary. Each item has a key and a value. For authentication, the key could be something like 'username' and the value would be the username. Each time you make a request to a website, your browser will include the cookies in the request, and the host server will check the cookies. So authentication can be done automatically like that.

To set a cookie, you just have to add it to the response the server sends back after requests. The browser will then add the cookie upon receiving the response.

There are different options you can configure for the cookie server side, like expiration times or encryption. An encrypted cookie is often referred to as a signed cookie. Basically the server encrypts the key and value in the dictionary item, so only the server can make use of the information. So then cookie would be secure.

A browser will save the cookies set by the server. In the HTTP header of every request the browser makes to that server, it will add the cookies. It will only add cookies for the domains that set them. Example.com can set a cookie and also add options in the HTTP header for the browsers to send the cookie back to subdomains, like sub.example.com. It would be unacceptable for a browser to ever send cookies to a different domain.
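
The flow described in the answer, as an added example that is not part of the original answer: the server builds a `Set-Cookie` header after login and verifies the cookie on each later request. It uses an HMAC signature, which leaves the value readable but lets the server detect any modification. The cookie name `session`, the function names and `SECRET_KEY` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from http.cookies import SimpleCookie

# Assumption: a server-side secret; constructed value for this example only.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def sign(value: str) -> str:
    """Return 'value.signature' so the server can detect tampering."""
    mac = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).digest()
    return value + "." + base64.urlsafe_b64encode(mac).decode().rstrip("=")


def unsign(signed: str):
    """Return the original value if the signature is valid, else None."""
    value, sep, _ = signed.rpartition(".")
    if not sep:
        return None  # no signature present at all
    expected = sign(value).encode()
    # Constant-time comparison avoids leaking how many bytes matched.
    return value if hmac.compare_digest(expected, signed.encode()) else None


def login_response_header(username: str) -> str:
    """Server, after a successful login: build the Set-Cookie header value."""
    cookie = SimpleCookie()
    cookie["session"] = sign(username)
    morsel = cookie["session"]
    morsel["path"] = "/"
    morsel["max-age"] = 3600     # expiration time, in seconds
    morsel["httponly"] = True    # not readable by page JavaScript
    morsel["secure"] = True      # only sent over HTTPS
    morsel["samesite"] = "Lax"   # limits sending on cross-site requests
    return morsel.OutputString()


def authenticate(cookie_header: str):
    """Server, on each later request: parse the Cookie header and verify it."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "session" not in cookie:
        return None
    return unsign(cookie["session"].value)
```

The browser stores only the `session=...` pair from `Set-Cookie` and sends it back in the `Cookie` request header; the attributes stay in the browser and control when the cookie is sent.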
