Storing session state on the client, whether in HTTP cookies or in hidden form fields, carries significant security risk: it places part of the application's internal state in the untrusted client layer, where the user (or anyone who controls the user's browser or network path) can read it and modify it before it is sent back.
Such session cookies (or, more generally, session tokens) can be forged when they are not generated and protected securely: a token built from predictable values can be guessed, and client-side state that carries no integrity protection, such as a plaintext cookie without a MAC or signature, can simply be edited.
Cookie poisoning is a technique known mainly for achieving impersonation and breach of privacy: the attacker manipulates the session cookies that maintain the identity of the client (or end user), for example by changing a user identifier or role field, so that the server treats the attacker as another user or releases that user's data.
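The following is an added example, not code from the original page: it contrasts a cookie that carries session state in plaintext (which the attacker can edit) with two defences, an HMAC-signed cookie whose tampering is detected, and a server-side session keyed by an unguessable random token. The cookie layout, the `SECRET_KEY` and the field names are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import secrets

# Assumption: a per-deployment key kept only on the server.
SECRET_KEY = secrets.token_bytes(32)

# --- Vulnerable: session state stored in the cookie as plain key=value pairs ---
def encode_plain(state: dict) -> str:
    """Serialise state as 'k=v;k=v' with no integrity protection."""
    return ";".join(f"{k}={v}" for k, v in state.items())

def decode_plain(cookie: str) -> dict:
    """Parse 'k=v;k=v'; the server trusts whatever the client sent."""
    return dict(part.split("=", 1) for part in cookie.split(";") if "=" in part)

def poison(cookie: str, old: str, new: str) -> str:
    """What the attacker does: edit a field in the cookie before sending it back."""
    return cookie.replace(old, new)

# --- Hardened 1: same state, but HMAC-SHA256 signed; edits are rejected ---
def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_signed(state: dict, key: bytes) -> str:
    payload = encode_plain(state).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def decode_signed(cookie: str, key: bytes):
    """Return the state only if the tag verifies; None for any malformed or
    tampered cookie. hmac.compare_digest avoids a timing side channel."""
    try:
        p, t = cookie.split(".", 1)
        payload, tag = _unb64(p), _unb64(t)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decode_plain(payload.decode())

def tamper_signed(cookie: str, old: str, new: str) -> str:
    """Attacker edits the payload but cannot recompute the tag without the key."""
    p, t = cookie.split(".", 1)
    payload = _unb64(p).decode().replace(old, new).encode()
    return _b64(payload) + "." + t

# --- Hardened 2: keep state on the server; the cookie is only an opaque token ---
_sessions: dict = {}

def create_session(state: dict) -> str:
    # 256 bits from the OS CSPRNG: not derivable from a username, time or counter.
    token = secrets.token_urlsafe(32)
    _sessions[token] = dict(state)
    return token

def load_session(token: str):
    return _sessions.get(token)

if __name__ == "__main__":
    state = {"user": "alice", "role": "user"}          # constructed sample session
    plain = encode_plain(state)
    print("poisoned plain cookie ->", decode_plain(poison(plain, "role=user", "role=admin")))
    signed = encode_signed(state, SECRET_KEY)
    print("tampered signed cookie ->", decode_signed(tamper_signed(signed, "role=user", "role=admin"), SECRET_KEY))
    print("server-side session ->", load_session(create_session(state)))
```

The signed cookie still exposes the state to the client (it is encoded, not encrypted), so it stops forgery but not disclosure; the server-side session exposes nothing and is the usual choice when the state is sensitive. In both cases the token must also be rotated on login and sent with `Secure` and `HttpOnly` attributes, which this snippet does not show.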