{"id":194504,"date":"2024-05-09T21:21:03","date_gmt":"2024-05-09T13:21:03","guid":{"rendered":"https:\/\/docs.pingcode.com\/ask\/ask-ask\/194504.html"},"modified":"2024-05-09T21:21:08","modified_gmt":"2024-05-09T13:21:08","slug":"%e5%90%8e%e7%ab%af%e5%8f%af%e4%bb%a5%e8%ae%a9token%e7%9b%b4%e6%8e%a5%e5%ad%98%e5%88%b0%e6%b5%8f%e8%a7%88%e5%99%a8%e7%9a%84cookie%e9%87%8c%e5%90%97","status":"publish","type":"post","link":"https:\/\/docs.pingcode.com\/ask\/194504.html","title":{"rendered":"\u540e\u7aef\u53ef\u4ee5\u8ba9token\u76f4\u63a5\u5b58\u5230\u6d4f\u89c8\u5668\u7684cookie\u91cc\u5417"},"content":{"rendered":"<p style=\"text-align:center\"><img decoding=\"async\" src=\"https:\/\/cdn-kb.worktile.com\/kb\/wp-content\/uploads\/2024\/04\/24134813\/cfc1d8be-12ae-4027-bceb-310dae5e27d9.webp\" alt=\"\u540e\u7aef\u53ef\u4ee5\u8ba9token\u76f4\u63a5\u5b58\u5230\u6d4f\u89c8\u5668\u7684cookie\u91cc\u5417\" \/><\/p>\n<p><p>\u53ef\u4ee5\u5c06token\u76f4\u63a5\u5b58\u50a8\u5728\u6d4f\u89c8\u5668\u7684cookie\u4e2d\uff0c\u8fd9\u79cd\u65b9\u5f0f\u5e38\u7528\u4e8e\u4fdd\u6301\u7528\u6237\u4f1a\u8bdd\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002<strong>\u4f7f\u7528cookie\u5b58\u50a8token\u7684\u597d\u5904\u5305\u62ec\u65b9\u4fbf\u3001\u6613\u4e8e\u5b9e\u73b0\u548c\u80fd\u901a\u8fc7HTTP\u6301\u4e45\u5316\u72b6\u6001<\/strong>\u3002\u7136\u800c\uff0c\u8fd9\u79cd\u65b9\u6cd5\u9700\u8981\u59a5\u5584\u5904\u7406\u4ee5\u9632\u6b62\u5b89\u5168\u6f0f\u6d1e\uff0c\u6bd4\u5982XSS\uff08\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff09\u548cCSRF\uff08\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\uff09\u3002<\/p>\n<\/p>\n<p><p>\u4f7f\u7528cookie\u5b58\u50a8token\u610f\u5473\u7740\u540e\u7aef\u670d\u52a1\u5728\u7528\u6237\u767b\u5f55\u6210\u529f\u540e\uff0c\u5c06\u8ba4\u8bc1token\u8bbe\u7f6e\u5728HTTP\u54cd\u5e94\u7684Set-Cookie\u5934\u90e8\u4e2d\u3002\u8fd9\u6837\u6d4f\u89c8\u5668\u5728\u968f\u540e\u7684\u8bf7\u6c42\u4e2d\u4f1a\u81ea\u52a8\u643a\u5e26\u8fd9\u4e2acookie\u3002<strong>\u4e3a\u4e86\u5b89\u5168\u8d77\u89c1\uff0ctoke
n\u5b58\u50a8\u5728cookie\u65f6\u5e94\u4f7f\u7528HttpOnly\u548cSecure\u6807\u8bb0\uff0c\u5e76\u8003\u8651\u8bbe\u7f6eSameSite\u5c5e\u6027<\/strong>\u3002HttpOnly\u6807\u8bb0\u9632\u6b62JavaScript\u901a\u8fc7Document.cookie\u8bbf\u95eecookie\uff0cSecure\u6807\u8bb0\u786e\u4fddcookie\u53ea\u80fd\u901a\u8fc7HTTPS\u4f20\u8f93\uff0cSameSite\u5c5e\u6027\u53ef\u4ee5\u7528\u6765\u9632\u6b62CSRF\u653b\u51fb\u3002<\/p>\n<\/p>\n<p><h3>\u4e00\u3001COOKIE\u5b58\u50a8TOKEN\u7684\u4f18\u52bf<\/h3>\n<\/p>\n<p><h4>\u7b80\u6d01\u6613\u7528<\/h4>\n<\/p>\n<p><p>cookie\u673a\u5236\u662fweb\u5f00\u53d1\u4e2d\u5e38\u7528\u7684\u6280\u672f\uff0c\u670d\u52a1\u5668\u53ef\u901a\u8fc7\u54cd\u5e94\u5934\u8bbe\u7f6ecookie\uff0c\u5e76\u7531\u6d4f\u89c8\u5668\u5b58\u50a8\u7ba1\u7406\u3002\u4e00\u65e6\u8bbe\u7f6e\uff0c\u6d4f\u89c8\u5668\u6bcf\u6b21\u5411\u670d\u52a1\u7aef\u53d1\u9001\u8bf7\u6c42\u65f6\u90fd\u4f1a\u81ea\u52a8\u643a\u5e26\u76f8\u5e94\u7684cookie\uff0c\u8fd9\u4f7f\u5f97\u5f00\u53d1\u8005\u6613\u4e8e\u5229\u7528cookie\u8fdb\u884c\u7528\u6237\u8ba4\u8bc1\u3002<\/p>\n<\/p>\n<p><h4>\u517c\u5bb9\u6027\u5f3a<\/h4>\n<\/p>\n<p><p>\u51e0\u4e4e\u6240\u6709\u73b0\u4ee3Web\u6d4f\u89c8\u5668\u90fd\u652f\u6301cookie\uff0c\u8fd9\u4fdd\u8bc1\u4e86token\u5b58\u50a8\u673a\u5236\u5728\u4e0d\u540c\u7528\u6237\u73af\u5883\u4e0b\u5177\u6709\u8f83\u597d\u7684\u517c\u5bb9\u6027\u3002<\/p>\n<\/p>\n<p><h3>\u4e8c\u3001\u8bbe\u7f6e\u5b89\u5168COOKIE\u7684\u6700\u4f73\u5b9e\u8df5<\/h3>\n<\/p>\n<p><h4>HttpOnly\u4e0eSecure\u6807\u8bb0<\/h4>\n<\/p>\n<p><p>\u4e3a\u589e\u5f3a\u5b89\u5168\u6027\uff0c\u5f53\u5c06token\u5b58\u5165cookie\u65f6\uff0c\u5e94\u8bbe\u7f6eHttpOnly\u5c5e\u6027\u6765\u9632\u6b62\u5ba2\u6237\u7aef\u811a\u672c\u8bbf\u95eecookie\u4e2d\u7684token\u503c\uff0c\u4ece\u800c\u964d\u4f4eXSS\u653b\u51fb\u7684\u98ce\u9669\u3002\u540c\u65f6\uff0c\u5e94\u786e\u4fdd\u8bbe\u7f6eSecure\u6807\u8bb0\uff0c\u8fd9\u6837cookie\u53ea\u4f1a\u901a\u8fc7\u52a0\u5bc6\u7684HTTPS\u8fde\u63a5\u53d1\u9001\uff0c\u9632\u6b62token
\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u88ab\u7a83\u53d6\u3002<\/p>\n<\/p>\n<p><h4>SameSite\u5c5e\u6027<\/h4>\n<\/p>\n<p><p>SameSite\u5c5e\u6027\u6709\u4e09\u4e2a\u53ef\u9009\u503c\uff1aStrict\u3001Lax\u548cNone\uff0c\u5206\u522b\u63d0\u4f9b\u4e0d\u540c\u7ea7\u522b\u7684CSRF\u9632\u62a4\u3002Strict\u6700\u4e3a\u4e25\u683c\uff0c\u5b8c\u5168\u7981\u6b62\u5728\u8de8\u7ad9\u8bf7\u6c42\u4e2d\u53d1\u9001\u8be5cookie\uff0c\u800cLax\u5219\u4ec5\u5141\u8bb8\u5728\u4e00\u5b9a\u6761\u4ef6\u4e0b\uff08\u5982\u9876\u7ea7\u5bfc\u822a\uff09\u968f\u8de8\u7ad9\u8bf7\u6c42\u53d1\u9001\u8be5cookie\uff0cNone\u5219\u5141\u8bb8\u6240\u6709\u8de8\u7ad9\u8bf7\u6c42\u643a\u5e26\u8be5cookie\uff0c\u4f46\u5fc5\u987b\u4e0eSecure\u6807\u8bb0\u4e00\u540c\u4f7f\u7528\u3002<\/p>\n<\/p>\n<p><h3>\u4e09\u3001COOKIE\u5b58\u50a8TOKEN\u7684\u5b89\u5168\u98ce\u9669<\/h3>\n<\/p>\n<p><h4>XSS\u653b\u51fb<\/h4>\n<\/p>\n<p><p>XSS\u653b\u51fb\u53ef\u4ee5\u5141\u8bb8\u653b\u51fb\u8005\u6ce8\u5165\u6076\u610f\u811a\u672c\u5230web\u9875\u9762\u4e2d\uff0c\u5982\u679ctoken\u672a\u901a\u8fc7HttpOnly\u6807\u8bb0\u4fdd\u62a4\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u901a\u8fc7\u811a\u672c\u7a83\u53d6\u7528\u6237\u7684token\u3002<\/p>\n<\/p>\n<p><h4>CSRF\u653b\u51fb<\/h4>\n<\/p>\n<p><p>CSRF\u653b\u51fb\u53ef\u4ee5\u4f7f\u653b\u51fb\u8005\u5728\u7528\u6237\u4e0d\u77e5\u60c5\u7684\u60c5\u51b5\u4e0b\uff0c\u5229\u7528\u7528\u6237\u7684\u767b\u5f55\u72b6\u6001\u53d1\u8d77\u6076\u610f\u8bf7\u6c42\u3002\u5982\u679c\u6ca1\u6709\u6b63\u786e\u914d\u7f6eSameSite\u5c5e\u6027\uff0c\u653b\u51fb\u8005\u6216\u8bb8\u80fd\u591f\u6210\u529f\u53d1\u8d77\u8de8\u7ad9\u8bf7\u6c42\u3002<\/p>\n<\/p>\n<p><h3>\u56db\u3001COOKIE\u4e0e\u5176\u4ed6\u5b58\u50a8TOKEN\u65b9\u5f0f\u7684\u5bf9\u6bd4<\/h3>\n<\/p>\n<p><h4>\u672c\u5730\u5b58\u50a8\u4e0e\u4f1a\u8bdd\u5b58\u50a8<\/h4>\n<\/p>\n<p><p>\u4e0ecookie\u5b58\u50a8\u76f8\u6bd4\uff0cWeb 
Storage\uff08\u672c\u5730\u5b58\u50a8\u548c\u4f1a\u8bdd\u5b58\u50a8\uff09\u63d0\u4f9b\u4e86\u4e00\u79cd\u7eaf\u7cb9\u7684\u5ba2\u6237\u7aef\u89e3\u51b3\u65b9\u6848\u3002\u8fd9\u4e9b\u6280\u672f\u80fd\u591f\u5b58\u50a8\u66f4\u5927\u7684\u6570\u636e\uff0c\u4f46\u4e0d\u4f1a\u81ea\u52a8\u643a\u5e26\u5728\u6bcf\u4e2aHTTP\u8bf7\u6c42\u4e2d\uff0c\u8fd9\u5c31\u8981\u6c42\u5f00\u53d1\u8005\u5fc5\u987b\u624b\u52a8\u5c06token\u6ce8\u5165\u8bf7\u6c42\u4e2d\u3002\u7f3a\u70b9\u662f\u5b83\u4eec\u4e0d\u53d7HttpOnly\u6807\u8bb0\u4fdd\u62a4\uff0c\u56e0\u6b64\u66f4\u5bb9\u6613\u53d7\u5230XSS\u653b\u51fb\u3002<\/p>\n<\/p>\n<p><h4>\u4ee4\u724c\u4f20\u8f93<\/h4>\n<\/p>\n<p><p>\u9664\u4e86\u5b58\u50a8\u5728cookie\u4e2d\uff0c\u4ee4\u724c\u8fd8\u53ef\u4ee5\u901a\u8fc7\u5176\u4ed6\u65b9\u5f0f\u4f20\u8f93\uff0c\u5982\u5728HTTP\u8bf7\u6c42\u7684\u5934\u90e8\u3002\u7136\u800c\uff0c\u8fd9\u901a\u5e38\u9700\u8981\u989d\u5916\u7684\u5ba2\u6237\u7aef\u903b\u8f91\u6765\u624b\u52a8\u5c06\u4ee4\u724c\u6dfb\u52a0\u5230\u6bcf\u4e2a\u8bf7\u6c42\u7684\u5934\u90e8\u4e2d\u3002<\/p>\n<\/p>\n<p><p>\u603b\u4f53\u800c\u8a00\uff0c\u5c06token\u5b58\u50a8\u4e8ecookie\u662f\u4e00\u4e2a\u53ef\u884c\u7684\u9009\u62e9\uff0c\u4f46\u9700\u8981\u8ba4\u771f\u8003\u8651\u5b9e\u65bd\u7ec6\u8282\uff0c\u4ee5\u786e\u4fdd\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u5168\u6027\u3002\u901a\u8fc7\u7ed3\u5408\u4f7f\u7528HttpOnly\u3001Secure\u548cSameSite\u5c5e\u6027\uff0c\u5f00\u53d1\u8005\u80fd\u591f\u5927\u5e45\u5ea6\u63d0\u9ad8\u5b58\u50a8\u5728cookie\u4e2d\u7684token\u7684\u5b89\u5168\u6027\uff0c\u5e76\u6709\u6548\u9632\u8303\u6f5c\u5728\u7684\u7f51\u7edc\u653b\u51fb\u3002<\/p>\n<\/p>\n<h2><strong>\u76f8\u5173\u95ee\u7b54FAQs\uff1a<\/strong><\/h2>\n<p><strong>1. 
\u4e3a\u4ec0\u4e48\u8981\u5c06\u540e\u7aef\u751f\u6210\u7684token\u5b58\u50a8\u5230\u6d4f\u89c8\u5668\u7684cookie\u4e2d\uff1f<\/strong><br \/>\n\u540e\u7aef\u53ef\u4ee5\u9009\u62e9\u5c06\u751f\u6210\u7684token\u5b58\u50a8\u5230\u6d4f\u89c8\u5668\u7684cookie\u4e2d\uff0c\u8fd9\u6837\u53ef\u4ee5\u786e\u4fdd\u5bf9\u4e8e\u9700\u8981\u767b\u5f55\u7684\u5e94\u7528\u6216\u7f51\u7ad9\uff0c\u6bcf\u6b21\u53d1\u9001\u8bf7\u6c42\u65f6\u90fd\u80fd\u81ea\u52a8\u5c06token\u53d1\u9001\u7ed9\u540e\u7aef\u8fdb\u884c\u9a8c\u8bc1\u3002\u8fd9\u79cd\u65b9\u5f0f\u7b80\u5316\u4e86\u524d\u7aef\u5f00\u53d1\uff1b\u5728\u6b63\u786e\u8bbe\u7f6eHttpOnly\u3001Secure\u7b49cookie\u6807\u8bb0\u7684\u524d\u63d0\u4e0b\uff0c\u4e5f\u6709\u52a9\u4e8e\u63d0\u9ad8\u5b89\u5168\u6027\u3002<\/p>\n<p><strong>2. token\u5b58\u50a8\u5728\u6d4f\u89c8\u5668\u7684cookie\u4e2d\u662f\u5426\u5b89\u5168\uff1f<\/strong><br \/>\n\u5c06token\u5b58\u50a8\u5230\u6d4f\u89c8\u5668\u7684cookie\u4e2d\u662f\u4e00\u79cd\u5e38\u89c1\u7684\u505a\u6cd5\uff0c\u4f46\u9700\u8981\u6ce8\u610f\u4e00\u4e9b\u5b89\u5168\u6027\u95ee\u9898\u3002\u9996\u5148\uff0c\u901a\u8fc7\u8bbe\u7f6e\u5408\u9002\u7684cookie\u9009\u9879\uff0c\u4f8b\u5982\u8bbe\u7f6eHttpOnly\u6807\u5fd7\uff0c\u53ef\u4ee5\u9632\u6b62\u6076\u610f\u811a\u672c\u6216\u653b\u51fb\u8005\u901a\u8fc7JavaScript\u8bbf\u95eecookie\uff0c\u964d\u4f4e\u4e86\u8eab\u4efd\u9a8c\u8bc1\u4fe1\u606f\u6cc4\u9732\u7684\u98ce\u9669\u3002\u5176\u6b21\uff0c\u4e3a\u4e86\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u5e94\u4f7f\u7528HTTPS\u534f\u8bae\u6765\u4f20\u8f93cookie\uff0c\u4ee5\u9632\u6b62\u4fe1\u606f\u88ab\u7a83\u542c\u6216\u7be1\u6539\u3002<\/p>\n<p><strong>3. 
\u9664\u4e86cookie\uff0c\u8fd8\u6709\u5176\u4ed6\u5b58\u50a8token\u7684\u65b9\u5f0f\u5417\uff1f<\/strong><br \/>\n\u9664\u4e86\u5b58\u50a8\u5728\u6d4f\u89c8\u5668\u7684cookie\u4e2d\uff0c\u540e\u7aef\u8fd8\u53ef\u4ee5\u9009\u62e9\u5176\u4ed6\u65b9\u5f0f\u6765\u5b58\u50a8token\u3002\u4f8b\u5982\uff0c\u53ef\u4ee5\u5c06token\u5b58\u50a8\u5728\u6d4f\u89c8\u5668\u7684\u672c\u5730\u5b58\u50a8\uff08localStorage\u6216sessionStorage\uff09\u4e2d\uff0c\u6216\u8005\u4f7f\u7528\u57fa\u4e8eWeb API\u7684\u65b0\u6280\u672f\uff0c\u5982IndexedDB\u3002\u6bcf\u79cd\u65b9\u5f0f\u90fd\u6709\u5176\u7279\u70b9\u548c\u9002\u7528\u573a\u666f\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u6839\u636e\u5177\u4f53\u9700\u6c42\u9009\u62e9\u9002\u5408\u7684\u5b58\u50a8\u65b9\u5f0f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"\u53ef\u4ee5\u5c06token\u76f4\u63a5\u5b58\u50a8\u5728\u6d4f\u89c8\u5668\u7684cookie\u4e2d\uff0c\u8fd9\u79cd\u65b9\u5f0f\u5e38\u7528\u4e8e\u4fdd\u6301\u7528\u6237\u4f1a\u8bdd\u548c\u8eab\u4efd\u9a8c\u8bc1\u3002\u4f7f\u7528cookie\u5b58\u50a8t 
[&hellip;]","protected":false},"author":3,"featured_media":194507,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[37],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/194504"}],"collection":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/comments?post=194504"}],"version-history":[{"count":0,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/194504\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/media\/194507"}],"wp:attachment":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/media?parent=194504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/categories?post=194504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/tags?post=194504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}