什么信息可以存储在Cookie中? [英] What information is OK to store in cookies?
问题描述
在考虑安全性和用户体验时,什么信息是确定的,可接受的,甚至是好主意存储在Cookie中?
When thinking about security and user experience, what information id OK, acceptable, or even a good idea to store in a cookie?
编辑:
了解敏感信息(如用户名,密码,SSN,信用卡号)
With the understanding that sensitive info, like user names, passwords, SSN, credit card numbers don't belong there, what does?
推荐答案
绝对不是密码!或任何敏感...记住,cookies存储在人们的计算机上,从你的角度(作为网站开发人员),他们基本上是在野外,可能访问任何人。
Definitely not passwords! Or anything sensitive... remember that cookies are stored on people's computers so from your point of view (as a website developer), they're basically out in the wild, potentially accessible to anyone.
一个常见的做法是在cookie中存储会话ID,并将所有其他相关信息存储在服务器上由会话ID索引的数据库(或文件或其他)中。
A common practice is to just store a session ID in a cookie, and store all other relevant information in a database (or file, or whatever) on the server, indexed by session ID.
这篇关于什么信息可以存储在Cookie中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!