安全和不安全Cookie的区别 [英] Difference between secure and insecure cookies
问题描述
我正在开发一个必须维护会话的Android应用程序.我需要登录两个网站.
I am developing an Android application where I have to maintain session. There are two websites that I need to log into.
对于一个网站,当我从Cookie商店获得Cookie时,我得到的是cookie.isSecure = true.
For one website, when I get cookies from Cookie Store I get cookie.isSecure=true.
对于其他网站,我得到cookie.isSecure = false.
For other website, I get cookie.isSecure=false.
我想知道安全和不安全Cookie的区别是什么?
I would like to know what is the difference between Secure and Insecure cookies?
此值会使浏览器行为发生变化吗?
Would the browser behavior change with this value?
推荐答案
安全cookie会指示浏览器仅在通过SSL连接时将cookie发送给服务器.
A secure cookie instructs the browser that the cookie may only be sent to the server when connecting through SSL.
这些网站的URL以https://开头(请注意http后面的s)
These are sites where the URL starts with https:// (note the s after http)
不安全的cookie将同时发送到http://和https://连接.
An insecure cookie will be sent to both http:// and https:// connections.
此机制可确保始终对会话cookie(如果设置为安全)进行加密,以防止窃听.
This mechanism ensures that session cookies (if set as secure) will always be encrypted in order to prevent eavesdropping.
这篇关于安全和不安全Cookie的区别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!