使用Cookie和cURL [英] Using Cookies with cURL
问题描述
我使用cURL远程登录网站,一切工作正常。我发布登录信息,检索cookie和被远程站点重定向。我有几个关于Cookie如何实际运作的问题。
$ ch = curl_init();
curl_setopt($ ch,CURLOPT_URL,'https:// website');
curl_setopt($ ch,CURLOPT_FOLLOWLOCATION,TRUE);
curl_setopt($ ch,CURLOPT_POST,TRUE);
curl_setopt($ ch,CURLOPT_POSTFIELDS,$ post_str);
curl_setopt($ ch,CURLOPT_COOKIEJAR,'/php/cookies.txt');
curl_setopt($ ch,CURLOPT_COOKIEFILE,'/php/cookies.txt');
$ result = curl_exec($ ch);
$ x = curl_getinfo($ ch);
print_r($ x);
1。)有一些安全问题,我需要关心通过POST发送登录信息?
2)当我将 curlopt_cookiejar 设置为/php/cookies.txt时,看到该文件保存在任何地方。这可能是由于权限,但登录仍在工作。为什么会是这样?
3。)正确的权限允许这个文件被写入并保存?是否存储cookiejar文件在明文安全?保存此文件的最佳位置是什么?
4。)如果多个用户定期使用此脚本,会阻止正确的cookie信息位于cookies.txt这是使用 curlopt_cookiefile 被发送回服务器被混淆了写在这个文件中的其他cookie?
这显然是cURL的一个非常重要的功能,但我似乎不能接受在任何地方找到这些答案。
1)没有
> 2)
2.0)它正在写入/ php - 即从根文件系统,在文件夹php。你在那里检查了吗?
2.1)cookiejar将只用于不发布登录信息的后续请求。在这一点上,我想知道什么是你使用cookiejar ...你确定你甚至需要这些cookie吗?
2.2)运行PHP的用户(通常是网络服务器)将会(不应该)发送到您重定向到的第三方网站,需要对此文件有写权限。
3)只要将cookiejar放在文件系统的某处,别人就不能随意访问,例如,你可能想把它放在webroot以外的地方。
4)如果这个脚本经常被多个用户使用,你几乎肯定会得到一个混合该文件中的所有不同类型的数据 - 这表明你应该给每个用户自己的cookiejar文件,或者什么......因为位置只是通过PHP字符串设置,你不应该有太多的麻烦搞清楚如何使它动态。 CURL将负责在后续请求和响应期间不将过期的Cookie写入jar。
I am logging in remotely to a website using cURL and everything is working fine. I am posting the login information, retrieving the cookies and being redirected by the remote site. I have a few questions about how the cookies are actually functioning.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://website' );
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_str);
curl_setopt($ch, CURLOPT_COOKIEJAR, '/php/cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, '/php/cookies.txt');
$result = curl_exec($ch);
$x = curl_getinfo($ch);
print_r($x);
1.) Is there some security issues I need to be concerned about by sending the login information via POST?
2.) When I set the curlopt_cookiejar to /php/cookies.txt, I don't actually see that file saved anywhere. This may be due to permissions, but the login is working anyways. Why would that be the case? What would be the correct permissions to allow this file to be written to and saved?
3.) Is storing the cookiejar file in plaintext safe? What is the best location to save this file?
4.) If this script is used regularly by multiple users, what is preventing the correct cookie information located in cookies.txt that is sent back to the server using curlopt_cookiefile from being mixed up by other cookies that have been written in this file? What is the best way to approach cookies that expire, and removing old cookies from this file?
This is obviously a very important function of cURL, but I can't seem to find these answers anywhere. I'm hoping a cURL master can set these questions straight once and for all to see.
1) No
2)
2.0) It's writing to /php - that is, off the root filesystem, in a folder php. Did you check there?
2.1) The cookiejar would only be used for subsequent requests that do NOT post the login information. At this point, I'm wondering what it is you're using the cookiejar for...are you certain you even need these cookies? They (shouldn't) get sent to the third-party site you got redirected to, so what are they doing?
2.2) The user running PHP (usually the web server) will need write permissions to this file.
3) As long as you put the cookiejar somewhere on your filesystem that others can't get arbitrary access to, you should be fine - for example, you probably want to put it somewhere outside the webroot.
4) If this script is used regularly by multiple users, you'll almost CERTAINLY get a mix of all different kind of data in that file - which indicates that you should probably be giving each user their own cookiejar file, or something...since the location is just set via a PHP string, you shouldn't have too much trouble figuring out how to make it dynamic. CURL will take care of not writing expired cookies to the jar during subsequent requests and responses.
这篇关于使用Cookie和cURL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
