永久身份验证Cookie [英] Persistent authentication cookie

问题描述

我检查了我的记忆，并创建了永久性cookie.如果我关闭浏览器或关闭我的asp.net开发服务器，将会有任何区别.

I have checked remember me,and created persistent cookie.will be there any difference if i close browser or close my asp.net development server.

推荐答案

当然会有区别的.如果关闭浏览器，则可以再次打开它并看到同一页面.如果关闭HTTP服务器(无论是哪个服务器)，则除了存储在浏览器缓存中的页面之外，将无法看到其他页面，并且无法尝试重新加载. :-)

我非常确定您想知道其他事情，但是我的回复应该提醒您正确提出问题.



好的，关于这个问题:cookie的名称之一是浏览器cookie .它们存储在客户端，属于特定的浏览器，与服务器无关:
http://en.wikipedia.org/wiki/HTTP_cookie [

Of course there will be a difference. If you close your browser, you can open it again and see the same page. If you close the HTTP server (no matter which one), you won''t be able to see any pages except those stored in the browser cache and not attempted to reload. :-)

I''m pretty much sure you wanted to know something else, but my reply should remind you to ask questions correctly.



OK, as to the question: one of the names of the cookie is the browser cookie. They are stored on the client side and belong to a particular browser and not related to a server:
http://en.wikipedia.org/wiki/HTTP_cookie[^].

If should clear your concern.

—SA

Cookie存储在一个持久文件中，除非您以隐身/私有模式浏览，并且通常针对某个域存储.因此，只要您在相同的域(localhost?)上重新启动服务器并使用相同的浏览器，cookie仍然应该可用.

请记住，如果绕过正常的密码提示，允许持久的身份验证/授权cookie可能会带来安全风险.您可能需要考虑将cookie内容与用户的IP或类似内容一起哈希，以避免会话劫持.

Cookies are stored in a persistent file, unless you''re browsing in incognito/private mode, and generally stored against a domain. So as long as you restart the server on the same domain (localhost?) and use the same browser, the cookies should still be available.

Remember that allowing persistent authentication/authorisation cookies can be a security risk if it bypasses the normal password prompt. You may want to consider hashing the cookie content together with the user''s IP or something similar to avoid session hijacking.

这篇关于永久身份验证Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！