什么信息可以存储在Cookie中？ [英] What information is OK to store in cookies?

问题描述

在考虑安全性和用户体验时，什么信息是确定的，可接受的，甚至是好主意存储在Cookie中？

When thinking about security and user experience, what information id OK, acceptable, or even a good idea to store in a cookie?

编辑：

了解敏感信息（如用户名，密码，SSN，信用卡号）

With the understanding that sensitive info, like user names, passwords, SSN, credit card numbers don't belong there, what does?

推荐答案

绝对不是密码！或任何敏感...记住，cookies存储在人们的计算机上，从你的角度（作为网站开发人员），他们基本上是在野外，可能访问任何人。

Definitely not passwords! Or anything sensitive... remember that cookies are stored on people's computers so from your point of view (as a website developer), they're basically out in the wild, potentially accessible to anyone.

一个常见的做法是在cookie中存储会话ID，并将所有其他相关信息存储在服务器上由会话ID索引的数据库（或文件或其他）中。

A common practice is to just store a session ID in a cookie, and store all other relevant information in a database (or file, or whatever) on the server, indexed by session ID.

这篇关于什么信息可以存储在Cookie中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！