php，有没有一个安全的方式来存储密码在cookies？ [英] php, is there a safe way to store password in cookies?

问题描述

是否可以在PHP中将密码存储在Cookie中的安全方式

还是不建议使用？

感谢

解决方案

不建议这样做

...即使加密也是如此。将这些信息存储在客户端计算机上，使他们有机会比较cookies，希望解密。更糟糕的是他们可以嗅探别人的Cookie，然后伪装成该用户！

建议的是让用户通过安全连接登录并发送会话Cookie 。会话cookie包含会话ID，PHP将自动映射到服务器上的会话文件。然后，您可以在会话中存储用户标识。在短时间后，会话应该过期。

会话由PHP自动管理，您应该利用它。

这是一个有关如何使用PHP会话的教程。

is there a safe way of storing passwords in cookies in php?

or is it not recomended?

thanks

解决方案

This is not recommended...

... even if encrypted. Storing this information on a client machine gives them the opportunity to compare cookies in the hopes of decrypting. Worse they could sniff a cookie from someone else and then masquerade as that user!

What is recommended is having the user login through a secure connection and sending a session cookie in response. The session cookie contains a session id which PHP will automatically map to a session file on the server. You can then store a user id in the session. After a short time, the session should be expired.

Sessions are automatically managed by PHP and you should take advantage of it.

Here's a tutorial on how to use PHP sessions.

这篇关于php，有没有一个安全的方式来存储密码在cookies？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！