仅在客户端验证页面请求
我正在使用缓存服务器来缓存某些页面的不同实例。 所有页面都有两个实例。(登录时它们有一个 html 版本,注销时有另一个版本)。
我想要实现的目标如下: 我想根据一些凭据(例如用户名密码)向服务器发出请求,仅进行一次验证,然后以某种方式在 cookie 中存储一些数据,这样我就不必再次访问服务器了。
因此,在创建 cookie 后,当用户尝试访问站点内的不同页面时,他应该收到该页面的登录版本。
唯一的问题是我不明白这怎么可能是一种安全的方法。这不会阻止任何人通过在另一台计算机上复制相同的 cookie 来通过服务器验证。
我可以使 cookie 仅在创建它的 PC 上有效吗?
是否有其他选择只向服务器发出一个请求?
I'm using a caching server to cache different instances of some pages.
All the pages have two instances.(they have a version for the html when logged in and another when logged out).
What I am trying to achieve is the following:
I want to make a request to the server based on some credentials(username password for example) for validation only once and then store somehow in a cookie some data that would spare me from accessing the server again.
So after the cookie creation when a user tries to access a different page within the site he should receive the logged in version of the page.
The only problem is that I can't see how this could be a safe approach. This wouldn't stop anyone from passing the server validation by just copying on another computer the same cookie.
Can I make a cookie valid only on the PC it was created on ?
Are there other alternatives that would make only one request to the server ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
唯一安全的方法是让服务器控制访问和验证。对于每种客户端方法,都有一种可供人们利用的黑客方法。
The only safe approach is to have the server control access and validation. For every client-side approach, there's a hack that someone can use to exploit it.