Vendor 2 acknowledged the weakness, yet wrote us: "Session cookies are not a replacement for authentication tokens."
Vendor 2 acknowledged these flaws and then wrote to us: "Session cookies are not a substitute for authentication tokens."
Keep-session-cookies saves the session cookies instead of keeping them in memory, which is useful on sites that require access to other pages.
keep-session-cookies saves the session cookies rather than leaving them in memory, which is useful for sites that require access to other pages.
The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.
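The ability to forge things such as session cookies (or, more generally, session tokens) stems from the fact that these tokens are not generated in a secure way.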
The user would only experience "normal" behavior if the targeted external site handled its own state management using normal Web techniques such as session cookies.
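The user sees "normal" behavior only when the target external site handles its own state management with ordinary Web techniques such as session cookies.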
Cookie poisoning is a technique known mainly for achieving impersonation and breach of privacy through manipulation of session cookies that maintain the identity of the client (or end user).
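Cookie poisoning is a technique known mainly for achieving impersonation and privacy breaches, carried out by manipulating the session information that maintains the identity of the client (or end user).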
This feature was added in version 1.1 of the .NET Framework so it's not unique to ASP.NET 2.0. What is new in ASP.NET 2.0 is that this countermeasure can also be applied to session cookies.
This feature was added in version 1.1 of the .NET Framework, so it is not new in ASP.NET 2.0.
Web analytics stats, form submissions, and session cookies can all be used to track user behavior. Analysis of those items will help us determine which areas of the UI are interacted with most.
Web page statistics, form submissions and session cookies can be used to track user behavior, helping us understand which areas of the UI users interact with most.
This allows controllers to use providers other than the SessionStateTempDataProvider, which improves testability and allows developers to use session cookies instead of session state.
This allows a Controller to use providers other than SessionStateTempDataProvider, which improves testability and lets developers use cookies instead of session state.
The primary use of cookies is to store authentication and session information, your information, and your preferences.
The main use of cookies is to store authentication and session information, your information, and your preferences.
The CEA Feature Pack uses cookies to store session state, so it must be a separate browser, not a separate window in the same browser.
The CEA Feature Pack uses cookies to store session state, so a separate browser is required, not a separate window within one browser.
The product uses two cookies to identify a session.
This product uses two cookies to identify a session.
Storing session state in the client using HTTP cookies or hidden form fields has significant security risks — it exposes a part of your application internals to the untrusted client layer.
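Storing session state on the client in HTTP cookies or hidden form fields carries significant security risk: it exposes part of the application's internals to the untrusted client tier.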
JSF does the actual storage and state management, typically through a session, a hidden form field, cookies, etc.
JSF usually performs the actual storage and state management through a session, hidden form fields, cookies, and so on.
A decode method could read values from session, cookies, headers, request, etc.
The decode method can read values from the session, cookies, headers, the request, and so on.
Typical cookies have a life span that can exceed the session.
A typical cookie has a lifetime, and that lifetime can exceed the lifetime of the session.
The three runners-up are cookies, hidden fields, and stateless session beans.
Hidden fields and stateful session beans.
You use this class to work with information such as cookies, session, and authorization. Table 2 shows some of this class's important methods.
You can use this class to handle information such as cookies, sessions and authorization.
The pair formed by the two cookies identifies the session.
The pair formed by the two cookies identifies a session.
Temporary cookies: These cookies are valid only for the lifetime of your current session, and are deleted when you close your browser.
Temporary cookies: these cookies are valid only during your current session and are deleted when you close your browser.
Since we don't want to store the cookies for longer than the browser session, we don't need to bother setting the expiration time.
Because the cookies only need to be kept for the browser session, there is no need to set an expiration time.
In this way, a J2EE application that requires session management doesn't need to rely on cookies being enabled by users of the application.
This way, a J2EE application that needs session management does not have to rely on the application's users having cookies enabled.
Using HTTP cookies to maintain session context.
Use HttpCookie to maintain session context.
If you do not accept the cookies set on login or your computer is not configured to accept cookies, your session will expire almost immediately.
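If you do not accept the cookies set at login, or your computer is not configured to accept cookies, your session will expire almost immediately.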
Due to the limited bandwidth on the wireless network and the lack of support for "cookies" in most wireless gateways, it is not possible to push the user's session state from the server to the client.
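Because of the limited bandwidth of wireless networks, and because most wireless gateways do not support "cookies", pushing the user's session state from the server to the client is not really feasible.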
For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request.
For example, if the server uses cookie-based sessions and the client has disabled cookies, the session will be new on every request.
A cookie's value can uniquely identify a client, so cookies are commonly used for session management.
A cookie's value can uniquely identify a client, so cookies are often used for session management.
The server can maintain a session in many ways such as using cookies or rewriting URLs.
The server can maintain a session in several ways, for example by using cookies or rewriting URLs.