{"id":1118,"date":"2023-01-14T19:55:00","date_gmt":"2023-01-14T11:55:00","guid":{"rendered":"https:\/\/systw.net\/note\/?p=1118"},"modified":"2024-02-23T21:37:24","modified_gmt":"2024-02-23T13:37:24","slug":"%e5%89%8d%e7%ab%af%e5%84%b2%e5%ad%98","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/1118","title":{"rendered":"\u524d\u7aef\u5132\u5b58"},"content":{"rendered":"\n

<\/p>\n\n\n\n

HTTP\u8acb\u6c42\u4e2d\u7684Cookie\u8cc7\u8a0a\u901a\u5e38\u7528\u65bc\u5224\u65b7\u4f7f\u7528\u8005\u767b\u5165\u72c0\u614b\uff0c\u5176\u4e2d\u4f3a\u670d\u5668\u6703\u5728\u4f7f\u7528\u8005\u767b\u5165\u6642\u5c07\u52a0\u5bc6\u7684\u552f\u4e00\u8fa8\u8b58\u78bc\u63d2\u5165Cookie\u4e2d\u3002 HTML5\u7684\u4e86localStorage\u548csessionStorage\uff0c\u70ba\u512a\u5316\u4f7f\u7528\u8005\u9ad4\u9a57\u63d0\u4f9b\u4e86\u66f4\u9748\u6d3b\u7684\u9078\u64c7\u3002 localStorage\u53ef\u53d6\u4ee3Cookie\u4fdd\u5b58\u8cfc\u7269\u8eca\u8cc7\u8a0a\u6216HTML5\u904a\u6232\u7522\u751f\u7684\u672c\u5730\u6578\u64da\uff0c\u800csessionStorage\u9069\u7528\u65bc\u5206\u5272\u591a\u6b65\u9a5f\u8868\u55ae\u4ee5\u512a\u5316\u4f7f\u7528\u8005\u586b\u5beb\u9ad4\u9a57\u3002 \u9019\u4f7f\u5f97\u7279\u5b9a\u5834\u666f\u4e2d\u53ef\u4ee5\u6e1b\u5c11\u5c0dCookie\u7684\u4f9d\u8cf4\u3002<\/p>\n\n\n\n

<\/p>\n\n\n\n

\u7279\u6027<\/th>Cookie\uff0fsession<\/th>WEBSTORAGE<\/th><\/tr><\/thead>
\u6578\u64da\u7684\u751f\u547d\u671f<\/td>Cookie\uff1a\u4e00\u822c\u7531\u4f3a\u670d\u5668\u751f\u6210\uff0c\u53ef\u8a2d\u5b9a\u5931\u6548\u6642\u9593\u3002
SESSION\uff1a\u50c5\u5728\u76ee\u524d\u6703\u8a71\u4e0b\u6709\u6548\uff0c\u95dc\u9589\u9801\u9762\u6216\u700f\u89bd\u5668\u5f8c\u6e05\u9664<\/td>		localStorage\uff1a\u9664\u975e\u88ab\u6e05\u9664\uff0c\u5426\u5247\u6c38\u4e45\u4fdd\u5b58
sessionStorage\uff1a\u50c5\u5728\u76ee\u524d\u6703\u8a71\u4e0b\u6709\u6548\uff0c\u95dc\u9589\u9801\u9762\u6216\u700f\u89bd\u5668\u5f8c\u6e05\u9664<\/td><\/tr>
\u5b58\u653e\u6578\u64da\u5927\u5c0f<\/td>4K\u5de6\u53f3<\/td>\u4e00\u822c\u70ba5MB<\/td><\/tr>
\u4e0e\u670d\u52a1\u5668\u7aef\u901a\u4fe1<\/td>\u6bcf\u6b21\u90fd\u6703\u651c\u5e36\u5728HTTP\u982d\u4e2d\uff0c\u5982\u679c\u4f7f\u7528cookie\u4fdd\u5b58\u904e\u591a\u8cc7\u6599\u6703\u5e36\u4f86\u6548\u80fd\u554f\u984c<\/td>\u50c5\u5728\u5ba2\u6236\u7aef\uff08\u5373\u700f\u89bd\u5668\uff09\u4e2d\u4fdd\u5b58\uff0c\u4e0d\u53c3\u8207\u548c\u4f3a\u670d\u5668\u7684\u901a\u4fe1<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

ps:
JSESSIONID JAVA\u7522\u751f\u7684SESSION; PHPSESSID, PHP\u7522\u751f\u7684SESSION<\/p>\n\n\n\n

<\/p>\n\n\n\n

\n\n\n\n

<\/p>\n\n\n\n

Cookie\u5b89\u5168<\/h2>\n\n\n\n

\u6211\u5011\u53ef\u4ee5\u70ba\u5132\u5b58\u5728Cookie\u5bb9\u5668\u4e2d\u7684\u8cc7\u6599\u8a2d\u5b9aHeader\u53c3\u6578 <\/p>\n\n\n\n

\u6b63\u5e38\u8fd4\u56decookie\u5167\u5bb9\u683c\u5f0f\u5982\u4e0b <\/p>\n\n\n\n

Set-Cookie: <name>=<value>[; <Max-Age>=<age>] [; expires=<date>][; domain=<domain_name>] [; path=<some_path>][; secure][; HttpOnly][; SameSite=<value>]<\/code><\/p>\n\n\n\n

\u5982\u679c\u6709\u8a2d\u5b9a\u5e38\u898b\u7684cookie\u4fdd\u8b77\u6a5f\u5236 httponly, secure, samesite,\u8fd4\u56de\u5167\u5bb9\u5927\u81f4\u5982\u4e0b<\/p>\n\n\n\n

\tHTTP\/1.1 200 OK\n\tContent-Type: text\/html; charset=utf-8\n\tSet-Cookie: session=hYubTLpH7nlTqUNtyhKHL2ULx7o8cvGh; Secure; HttpOnly; SameSite=Strict\n\n<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
httpOnly<\/h3>\n\n\n\n
\u6709\u8a2d\u5b9a\u6b64flag\uff0cCookie\u53ea\u9650\u88ab\u4f3a\u670d\u5668\u7aef\u8a2a\u554f\uff0c\u7121\u6cd5\u5728\u5ba2\u6236\u7aef\u8b80\u53d6\u3002<\/p>\n\n\n\n
secure<\/h3>\n\n\n\n
\u6709\u8a2d\u5b9a\u6b64flag\uff0cCookie\u53ea\u80fd\u900f\u904ehttps\u7684\u65b9\u5f0f\u50b3\u8f38\u3002<\/p>\n\n\n\n
SameSite<\/h3>\n\n\n\n
\u9019\u500b\u5c6c\u6027\u53ef\u4ee5\u8b93 cookie \u5728\u8de8\u7ad9\u8acb\u6c42\u60c5\u6cc1\u4e0b\u4e0d\u6703\u88ab\u50b3\u9001\uff0c\u5f9e\u800c\u53ef\u4ee5\u963b\u6b62CSRF\uff0c\u53ef\u4ee5\u6709\u4e0b\u9762\u4e09\u7a2e\u503c\uff1a<\/p>\n\n\n\n