仅在接触表格中的cookie?
我发现了许多复杂情况的复杂答复。我的很简单。我只需要一个cookie的页面,位于触点表格中:设置有效期时间(一小时远远远远足够)。 httponly对于避免用户在其本地计算机中提交编辑的表单很重要。表格必须仅在访问的URL中填写表格。我有这样的设置:
<?php
$name = 'contacto';
$value = 'spanish-visitor';
$expire = time() + 60*60; //One hour enough to fill up a simple form.
$path = '/es/contacto.php';
//Or should not put the file name containing the HTML form?
$domain = 'www.mydomain.com';
//Or should I put here the specific file where the user lands? like 'www.mydomain.com/es/contacto.php'?
$secure = isset($_SERVER['HTTPS']);
$httpOnly = true;
?>
对于其他页面,我不在乎cookie,因为它们纯粹是有益的。我担心的是可以是攻击目标的联系表。这只是一个触点表,没有会话登录。我不使用CMS。请给出方向。
I found lots of complex replies for complex situations. Mine is simple. I just need a cookie for the page where is located the contact form: set an expiration time (one hour is more than enough). Httponly is important to avoid users to submit edited forms in their local computers. Form must be submitted ONLY filling up the FORM in the URL visited. I have this setting:
<?php
$name = 'contacto';
$value = 'spanish-visitor';
$expire = time() + 60*60; //One hour enough to fill up a simple form.
$path = '/es/contacto.php';
//Or should not put the file name containing the HTML form?
$domain = 'www.mydomain.com';
//Or should I put here the specific file where the user lands? like 'www.mydomain.com/es/contacto.php'?
$secure = isset($_SERVER['HTTPS']);
$httpOnly = true;
?>
For the other pages I don‘t care for cookies, because they are just purely informative. My concern is the contact form which can be target of attacks. It is just a contact form, no login for sessions. I don‘t use CMS. Orientations, please.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论