如何保证在Android的饼干吗? [英] How to secure a cookie in android?
问题描述
我使用Android的 CookieManager 设置在网页视图一个cookie哪些实际上可以包含用户ID。我想使这个cookie的安全,以避免任何假冒攻击。我怎样才能使它作为安全cookie因为CookieManager仅支持基本的字符串的键值对。
I am using Android's CookieManager to set a cookie in webview which acutally contains user id. I want to make this cookie secure to avoid any impersonation attacks. How can i make it as secure cookie since CookieManager supports only basic string key value pairs.
也将饼干是安全的,如果连接是通过HTTPS协议?
Also will the cookie be secure if the connection is through HTTPS Protocol ?
推荐答案
不知道你在做什么,但饼干是在服务器设置。因此,你不能让安全只有在你身边。如果你想确保你的cookie仍然是个秘密,使用HTTPS的所有操作涉及该cookie,并已在服务器设置cookie'安全'标志,因此,它只能通过HTTPS发送的。
Not sure what you are doing, but cookies are set at the server. Thus you cannot make it secure on your side only. If you want to make sure your cookie remains a secret, use HTTPS for all operations that involve that cookie, and have the server set the cookie 'secure' flag, so that it is only sent over HTTPS.
这篇关于如何保证在Android的饼干吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
