When the form is submitted, I read the hidden form field and compare it with the token in the user's session.
JSF does the actual storage and state management, typically through a session, a hidden form field, cookies, etc.
Storing session state in the client using HTTP cookies or hidden form fields has significant security risks — it exposes a part of your application internals to the untrusted client layer.
Oops.) Besides, using cookies or hidden form fields is messy, error-prone, and brittle (and a cookie-based approach won't work at all if the user has disabled the use of cookies in the browser).
Another use of this function is to populate any hidden INPUT elements based on other form field values.
This solution is rather crude, however, closely resembling the use of hidden form fields to pass along values between requests.
It generates a hidden form field (anti-forgery token) that is validated when the form is submitted.