是否在Cookie不良实践中存储OAuth令牌？ [英] Is storing an OAuth token in cookies bad practise?

问题描述

正在将Cookie中的OAuth 2凭证储存在Cookie做法中吗？如果是的话，什么是Web应用程序的替代方案？

Is storing an OAuth 2 token in cookies bad practise? If so, what are alternatives for a web app?

推荐答案

我绝对不会这样做。当涉及到安全时，你不应该存储的东西，在别人可以访问的地方。所以，不要将它存储在任何地方，特别是客户端。

I definitely wouldn't do it. When security is involved you should not store stuff, in places where others can access it. So don't store it anywhere, especially client-side.

这就是说，这不是坏的做法，如果处理得当。请参见此综合文章

That being said, it's not bad practice, per se if handled properly. See this comprehensive article about it.

这篇关于是否在Cookie不良实践中存储OAuth令牌？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！