Cookies vs Basic Auth


Question

Why are almost all websites out there using cookies instead of basic auth? It can't be only that the user/pass window is ugly and none of them is more secure. They are both insecure (without HTTPS).

Recommended answer

To log out of a basic auth login the browser often needs to be quit entirely. This means there is no way for the server to log out the user.

I believe basic auth also has more overhead (assuming your cookie size isn't massive), but I might be wrong about that.

HTTP basic auth also sends the username and password with every request, making it potentially less secure because there is more opportunity for interception.
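
The two points in the answer above, shown side by side as an added example (not part of the original answer; the account, the `sid` cookie name and the `SessionStore` class are constructed for illustration). With Basic auth every request carries the base64-encoded password and the server holds nothing it could revoke, while the cookie flow sends the password once and then only a random session ID that the server can delete on logout.

```python
import base64
import hmac
import secrets

USERS = {"alice": "correct-horse"}  # constructed account, illustration only


def _password_ok(user, password):
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())


def basic_header(user, password):
    """Header a browser attaches to every request once Basic auth is cached."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def check_basic(headers):
    """Server side: decode the credentials and verify them on each request."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic":
        return None
    try:
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    return user if _password_ok(user, password) else None


class SessionStore:
    """Cookie flow: password sent once, then only a random server-side handle."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, password):
        if not _password_ok(user, password):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return {"Cookie": f"sid={sid}"}

    def authenticate(self, headers):
        return self._sessions.get(headers.get("Cookie", "").partition("sid=")[2])

    def logout(self, headers):
        # The server revokes the session; the browser's copy is now worthless.
        self._sessions.pop(headers.get("Cookie", "").partition("sid=")[2], None)
```

After `logout`, replaying the same `Cookie` header fails, whereas the same `Authorization: Basic` header keeps authenticating until the password itself is changed.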
