编码java Cookie值 [英] Encoding java Cookie value

查看:140
本文介绍了编码java Cookie值的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

如何编码Java Cookie对象的实际值?我不能传递'='之类的字符或US-ASCII之外的任何字符。

How should you encode the actual value for a Java Cookie object? I cannot pass characters like '=' or any character outside US-ASCII.

/ br joynes

/Br joynes

推荐答案

这并不重要,但通常是 Base64 应该运作良好。

It does not really matter how, but usually Base64 should work well.

注意事项:

这听起来像你要存储cookie中的任意设置。这通常不是一个好主意,因为cookie(像所有客户端输入一样)是不可信的。考虑将数据服务器端存储在某个生成的(随机!)标识符下,并将其放入cookie中。这样人们就无法规避访问限制或通过操纵cookie将任意数据注入您的系统。

This sounds like you want to store arbitrary settings in a cookie. This is generally not a good idea, because cookies (like all client input) are untrusted. Consider storing the data server-side under some generated (random!) identifier, and putting that into the cookie. That way people cannot circumvent access restrictions or inject arbitrary data into your system through manipulated cookies.

如果您不能使用此方法,请将cookie值视为不可信输入并将其验证为通常。

If you cannot use this approach, treat cookie values as untrusted input and verify it as usual.

修改:

Base64不合适,因为它使用 =,哪些Java cookie不支持。而是使用

Base64 is not appropriate, as it uses "=", which Java cookies do not support. Rather use 

java.net.URLEncoder.encode

仅使用适合cookie的字符。

which only uses characters appropriate for cookies.

这篇关于编码java Cookie值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Java开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆