Why are my cookies not encrypted? I see them as plain text and I can easily edit them, because they are plain text. I used CodeIgniter cookie encryption:
$config['sess_cookie_name'] = 'sess_id';
$config['sess_expiration'] = 0; //24hours -> 8640
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'session';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 3000000000;
$config['encryption_key'] = 'dfs78fh834fh83h4fhhsdifsihdfh99inf83kjwnefkjwenfknwkejnfowejnf82';
and to set the cookie I use a hook, which looks like this:
function setUserCountry($country){
$CI =& get_instance();
$CI->input->set_cookie(
array(
'name'=>'user_country',
'value'=>str_replace(array('"',"'",">","<"),"",$country),
'expire'=>'8650000000',
'secure'=>TRUE
));
}
The hook is called at pre_controller:
$hook['pre_controller'] = //run my cookie hook setUserCountry() method
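and this is how the cookie looks once created:
Why do you want to encrypt the cookie value? If it is sensitive information, it belongs in the session. – 2013-04-27 09:48:51
Because the session expires when the browser is closed and cookies don't expire :P!? @Pekka웃 – sbaaaang 2013-04-27 09:51:40
You can make the session cookie not expire when the browser is closed, but that may become a security issue. But if you need to store data beyond the current session, why not store it in the user record? – 2013-04-27 09:56:03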