What persistent cookie will do in browser?


Problem description

Dear programmers. I am new to secure programming in ASP.NET. I have one doubt.

What is a persistent cookie? And what is the relation between the ticket and the cookie? And why do we sometimes encrypt the cookie?

// name, isPersistent = true, timeout = 10 (minutes)
var ticket = new FormsAuthenticationTicket(txtUsername.Text, true, 10);
// Encrypt the ticket so it can travel as the cookie value
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
    HttpOnly = true,
    Secure = FormsAuthentication.RequireSSL,
    Path = FormsAuthentication.FormsCookiePath,
    Domain = FormsAuthentication.CookieDomain
};
Response.AppendCookie(cookie);
Response.Redirect("~/homepage.aspx");




What will be the background processes when I execute the above code?

Recommended answer

The non-persistent cookie will live in the user's browser. The moment the user closes the browser, the cookie will be deleted. This is the normal way we use with authentication cookies.

A persistent cookie, on the other hand, gets saved on the user's hard disk. This is typically done when we want to implement "remember me" type of login functionality. Since the cookie will be saved on the user's computer, the next time the user accesses the page that cookie will serve as the authentication ticket and the user will be logged in.

As for why it is encrypted: if we don't encrypt it, then we are potentially sending user credential related sensitive information over the internet. It can be eavesdropped and then used maliciously by someone else (perhaps a hacker or hacker wannabe).

Note: You can refer to the following article for details on custom forms authentication: Understanding and Implementing ASP.NET Custom Forms Authentication


Check this

I am using the following code......

// version, name, issue time, expiration, isPersistent = false, userData
FormsAuthenticationTicket tkt = new FormsAuthenticationTicket(1, txtUsername.Text, DateTime.Now,
    DateTime.Now.AddMinutes(30), false, "Under the trees");

string cookiestr = FormsAuthentication.Encrypt(tkt);
HttpCookie ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);

// Only a persistent ticket gets an Expires date on the cookie
if (tkt.IsPersistent)
{
    ck.Expires = tkt.Expiration;
}
ck.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(ck);

Response.Redirect("index.aspx");
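
The relation between the ticket and the cookie, shown from both sides of the round trip. This is an added example, not code from the thread: the class and method names (TicketCookie, Issue, Read) and the 30-minute lifetime are assumptions, and it expects to run inside an ASP.NET (System.Web) application with forms authentication configured.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added illustration, not code from the thread. TicketCookie, Issue and Read are
// hypothetical names; the 30-minute lifetime is an assumed value.
public static class TicketCookie
{
    // Login: wrap the identity in a ticket, encrypt it, send it as the cookie value.
    public static void Issue(HttpResponse response, string userName, bool rememberMe)
    {
        DateTime now = DateTime.Now;
        var ticket = new FormsAuthenticationTicket(
            1, userName, now, now.AddMinutes(30),   // expiry stored inside the ticket
            rememberMe,                             // becomes ticket.IsPersistent
            string.Empty, FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,
            Secure = FormsAuthentication.RequireSSL,
            Path = FormsAuthentication.FormsCookiePath
        };
        // No Expires: session cookie, dropped when the browser closes.
        // Expires set: persistent cookie, kept by the browser until that time.
        if (ticket.IsPersistent)
            cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
    }

    // Later requests: the cookie is an opaque string until the server decrypts
    // it back into a ticket; the ticket's own expiry is checked server-side.
    public static FormsAuthenticationTicket Read(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null;
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            return (ticket == null || ticket.Expired) ? null : ticket;
        }
        catch (Exception)   // value was altered or cannot be decrypted
        {
            return null;
        }
    }
}
```

When forms authentication is enabled, FormsAuthenticationModule performs the decryption step on every request; Read only makes that step visible.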

