Vendor 2 acknowledged the weakness, yet wrote us: "Session cookies are not a replacement for authentication tokens."
Vendor 2 acknowledged these flaws, then wrote to us: "A session cookie is not a substitute authentication token."
Keep-session-cookies saves the session cookies instead of keeping them in memory, which is useful on sites that require access to other pages.
keep-session-cookies saves the session cookies rather than leaving them in memory, which is quite useful for sites that require access to other pages.
The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.
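The ability to forge things like session cookies (or, put more plainly, session tokens) stems from the fact that these tokens are not generated in a secure manner.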