dongtui4038 2011-10-24 11:46

Setting cookies in PHP and site security

I am building a forum and I am not sure about the best practices of setting up a cookie.

Here is the cookie that I build as the user registers on the site:

       setCookie($name,$ip,time()+300000,"/");

Instead of this: time()+300000, I want the cookie to last forever, but I am not sure how to do it.

Also, I have a question regarding security. How do I check that the cookie wasn't tampered with or set by a hacker?

Another question, how do I check if the user allows cookies on his browser?

UPDATE:

I put this as soon as login validation is valid: setCookie($name,$ip,time()+60*60*24*365,"/");

UPDATE:

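        // Set the cookie only if it is not already present
        if (!isset($_COOKIE[$name]))
        {
            $salt = "androidprogrammer26@yahoo.com";
            // PHP has no SHA2() function; hash('sha256', ...) computes SHA-256, and "." concatenates strings
            $hash = hash('sha256', $salt . $_POST['pass']);
            setCookie($name, $hash, time()+60*60*24*365*50, "/");
        }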

4 answers

  • dongliu5475 2011-10-24 11:58

    For duration, just use a big enough number instead of 300000.

    time() + 60 * 60 * 24 * 366 * 15 gives you 15 years.

    To prevent tampering, use a secure hash function (like SHA-2), store a secret salt (a 256-bit random string, for example) on your server, compute hash = SHA2(salt + data) and set a cookie that holds hash.

    Now, when you read the cookies, all you have to do is verify that hash has the correct value.

    This answer was selected by the asker as the best answer.
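
The check described in the answer above, as an added example that is not part of the original post: it uses PHP's hash_hmac() (HMAC-SHA256) as the keyed hash in place of a plain SHA2(salt + data) concatenation, and hash_equals() for the comparison. The function names, the secret and the sample values are assumptions made for illustration.

```php
<?php
// Added example. sign_cookie(), verify_cookie() and COOKIE_SECRET are hypothetical names.
// The secret never leaves the server; in a real site load it from configuration.
const COOKIE_SECRET = 'constructed-demo-secret-use-32-random-bytes-instead';

// Returns "payload.mac": payload is base64(JSON{d, exp}), mac is HMAC-SHA256 over it.
function sign_cookie(string $data, int $ttl, string $secret = COOKIE_SECRET): string
{
    $payload = base64_encode(json_encode(['d' => $data, 'exp' => time() + $ttl]));
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Returns the signed data, or null when the cookie is missing, malformed, altered or expired.
function verify_cookie(?string $cookie, string $secret = COOKIE_SECRET): ?string
{
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$payload, $mac] = explode('.', $cookie);
    // Recompute the MAC server-side and compare in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null;
    }
    // Only parse the payload after the MAC has been verified.
    $fields = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($fields) || !isset($fields['d'], $fields['exp']) || $fields['exp'] < time()) {
        return null;
    }
    return (string) $fields['d'];
}

// Constructed sample values, run from the PHP CLI.
$good = sign_cookie('user-42', 3600);
[$payload, $mac] = explode('.', $good);

// Same MAC, different payload: what a client-side edit of the cookie looks like.
$edited = base64_encode(json_encode(['d' => 'user-1', 'exp' => time() + 3600])) . '.' . $mac;
$stale  = sign_cookie('user-42', -10);   // correctly signed but already expired

foreach (['untouched' => $good, 'edited' => $edited, 'expired' => $stale, 'absent' => null] as $label => $c) {
    printf("%-9s => %s\n", $label, var_export(verify_cookie($c), true));
}

// In a page, the value would be sent with e.g.
// setcookie($name, $good, ['expires' => time() + 3600, 'path' => '/', 'httponly' => true, 'secure' => true]);
```

Only the untouched cookie yields its data; the edited, expired and absent cases all return null.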
