Sharing cookies between PHP and ASP

Source: Internet | Published: 潮流计算软件 | Editor: 程序博客网 | Time: 2024/06/04 18:05

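Because the cookie is stored on the root domain, cookie security comes into play: how can we make sure the cookie is correct and has not been modified?
In ASP a cookie exists in an array-like form (Response.Cookies("gbmad")("name"), Response.Cookies("gbmad")("pass")), but PHP has no equivalent, so I wrote a function that lets PHP read and write cookies saved by ASP (as an array). That solved the format problem, but it does nothing to establish whether the cookie is correct.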

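My idea is to add a check code to the cookie: hash the cookie with a specific function, such as md5, to obtain a check code, and compare that code when the cookie is read. If it matches, the cookie has not been modified. To reproduce the md5 value, the cookie's fields must be concatenated in exactly the same order, which is a bit tricky: ASP arrays have no keys, let alone sorting. So I wanted to add keys first. My first reaction was Scripting.Dictionary, but then I remembered that many people uninstall scrrun.dll (I don't know what these people are thinking; they configure Windows security badly and then blame scrrun.dll). So I wrote a class for ASP that supports keys; values are assigned with cookie.Item("name") = "name", the same way as with Scripting.Dictionary. Out of habit I ran a simple test of the class's efficiency, with the results shown in the demo above, and it turned out to be very slow. I am still sharing it, but where possible you should use Scripting.Dictionary, which is considerably more efficient.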

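Here are the functions I worked out. Note that no key has been added here, so a cookie can still be forged. However, if a self-defined key is added to the md5 input in both CookieEncrypt and CookieDecrypt, nobody who does not know the key can forge the cookie. This ensures the cookie cannot be forged; it does not ensure the cookie cannot be stolen and reused. One way to prevent reuse is to add the client's IP to the md5 input (although I seem to recall running into users whose IP changed every few minutes).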
ASP-side functions:

Code

    Public Function CookieEncrypt(ByVal cookiename, ByVal cookiekey, ByVal cookieval, ByVal expire, ByVal path, ByVal domain)
        Dim cookie, sessionid, i, l
        If (IsArray(cookiekey) And IsArray(cookieval)) Then
            Call Randomize()
            sessionid = CLng(Rnd() * 10000000)
            ' Build the string to hash: name=k1=v1&k2=v2&...
            cookie = cookiename & "="
            l = UBound(cookiekey)
            For i = 0 To l
                ' Pair each key with its value from cookieval
                cookie = cookie & Server.URLEncode(cookiekey(i)) & "=" & Server.URLEncode(cookieval(i)) & "&"
                Response.Cookies(cookiename)(cookiekey(i)) = cookieval(i)
            Next
            cookie = cookie & "sessionid=" & sessionid
            Response.Cookies(cookiename)("sessionid") = sessionid
            ' cookieseries records the field order so the reader can rebuild the same string
            cookiekey = Join(cookiekey, ",") & ",sessionid,cookieseries"
            Response.Cookies(cookiename)("cookieseries") = cookiekey
            cookie = cookie & "&cookieseries=" & Server.URLEncode(cookiekey)
            Response.Cookies(cookiename)("cookiehash") = md5(cookie)
            CookieEncrypt = True
        Else
            CookieEncrypt = False
        End If
    End Function

    Public Function CookieDecrypt(ByVal cookiename)
        Dim cookie, cookiekey, i, l
        cookiekey = Request.Cookies(cookiename)("cookieseries")
        If (Len(cookiekey) > 0) Then
            ' Rebuild the hashed string in the order recorded in cookieseries
            cookiekey = Split(cookiekey, ",")
            cookie = cookiename & "="
            l = UBound(cookiekey)
            For i = 0 To l
                cookie = cookie & Server.URLEncode(cookiekey(i)) & "=" & Server.URLEncode(Request.Cookies(cookiename)(cookiekey(i))) & "&"
            Next
            ' Drop the trailing "&"
            cookie = Left(cookie, (Len(cookie) - 1))
            If (Request.Cookies(cookiename)("cookiehash") = md5(cookie)) Then
                CookieDecrypt = True
            Else
                CookieDecrypt = False
            End If
        Else
            CookieDecrypt = False
        End If
    End Function

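Usage: (supply your own md5 function; md5 is really slow under ASP)
Write the cookie:

Code

    cookiekey = Array("name", "word")
    cookieval = Array("name", "word")
    Call CookieEncrypt("passport", cookiekey, cookieval, "", 0, "")

The setting for the storage domain has not been added yet.
Read the cookie: (check whether it is valid, then read the values one by one)

Code

    If (CookieDecrypt("passport")) Then
        For Each aa In Request.Cookies("passport")
            ' HTML-encode cookie data before writing it into the page
            Call Response.Write(Server.HTMLEncode(aa & ":" & Request.Cookies("passport")(aa)) & "<br />")
        Next
    Else
        Call Response.Write("Cookie Error")
    End If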

PHP-side functions:

Code

    function CookieEncrypt($cookiename, $cookievalue, $expire = 0, $path = '', $domain = '') {
        if (is_array($cookievalue)) {
            // Build the string that is both hashed and sent: name=k1=v1&k2=v2&...
            $cookie = urlencode($cookiename) . '=';
            $ck = array();
            foreach ($cookievalue as $key => $val) {
                $cookie .= urlencode($key) . '=' . urlencode($val) . '&';
                $ck[] = $key;
            }
            $key = mt_rand(1000000, 9999999);
            $cookie .= 'sessionid=' . $key;
            $ck[] = 'sessionid';
            $ck[] = 'cookieseries';
            // cookieseries records the field order so the reader can rebuild the same string
            $cookie .= '&cookieseries=' . urlencode(implode(',', $ck));
            $cookie .= '&cookiehash=' . md5($cookie);
            if ($expire) {
                // The expires attribute is labelled GMT, so format the timestamp with gmdate()
                $cookie .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expire) . ' GMT';
            }
            if ($path) {
                $cookie .= '; path=' . $path;
            }
            if ($domain) {
                $cookie .= '; domain=' . $domain;
            }
            header('Set-Cookie: ' . $cookie, false);
            return true;
        } else {
            return false;
        }
    }

    function CookieDecrypt($cookiename) {
        // Locate the raw (still URL-encoded) value of the named cookie in the request header
        $header = isset($_SERVER['HTTP_COOKIE']) ? $_SERVER['HTTP_COOKIE'] : '';
        $raw = '';
        foreach (explode('; ', $header) as $val) {
            if ($ipos = strpos($val, '=')) {
                if (urldecode(substr($val, 0, $ipos)) == $cookiename) {
                    $raw = substr($val, $ipos + 1);
                    break;
                }
            }
        }
        if ($raw === '') {
            return array();
        }
        // Split the value into its key=value pairs
        $cookie = array();
        foreach (explode('&', $raw) as $kav) {
            if ($ipos = strpos($kav, '=')) {
                $cookie[urldecode(substr($kav, 0, $ipos))] = urldecode(substr($kav, $ipos + 1));
            }
        }
        if (!isset($cookie['cookieseries'], $cookie['cookiehash'])) {
            return array();
        }
        // Rebuild the hashed string in the order recorded in cookieseries
        $c = $cookiename . '=';
        foreach (explode(',', $cookie['cookieseries']) as $val) {
            if (!isset($cookie[$val])) {
                return array();
            }
            $c .= urlencode($val) . '=' . urlencode($cookie[$val]) . '&';
        }
        $c = substr($c, 0, -1);
        // String comparison in constant time; a loose == can treat "0e..." hashes as equal numbers
        if (hash_equals(md5($c), $cookie['cookiehash'])) {
            return $cookie;
        }
        return array();
    }

Usage: (md5 in PHP really is fast)
Write the cookie:

Code

    $passport = array();
    $passport['un'] = '0';
    $passport['bn'] = '1';
    CookieEncrypt('passport', $passport);

Read the cookie:

    $c = CookieDecrypt('passport');
    print_r($c);
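
The keyed variant described earlier (add a self-defined key so the client cannot recompute the check code), as an added PHP example that is not the author's code: it keeps the page's cookieseries/cookiehash layout, swaps md5 for HMAC-SHA256, and returns only the fields the MAC covers. The function names and COOKIE_SECRET are hypothetical, random_int needs PHP 7, and the ASP side is assumed to have a matching HMAC implementation.

```php
<?php
// Added example, not the page's code: keyed check code in the page's cookie layout.
// COOKIE_SECRET is a hypothetical placeholder; keep the real key in server-side config.
const COOKIE_SECRET = 'replace-with-a-long-random-server-side-key';

// Build "k=v&...&sessionid=N&cookieseries=...&cookiehash=MAC".
function sign_cookie_payload($name, array $fields, $secret) {
    $parts = array();
    foreach ($fields as $k => $v) {
        $parts[] = urlencode($k) . '=' . urlencode($v);
    }
    $parts[] = 'sessionid=' . random_int(1000000, 9999999);
    $series = array_merge(array_keys($fields), array('sessionid', 'cookieseries'));
    $parts[] = 'cookieseries=' . urlencode(implode(',', $series));
    $body = implode('&', $parts);
    // HMAC-SHA256 replaces md5; the cookie name is bound into the MAC input.
    return $body . '&cookiehash=' . hash_hmac('sha256', urlencode($name) . '=' . $body, $secret);
}

// Return only the fields covered by the MAC, or an empty array if anything fails.
function verify_cookie_payload($name, $payload, $secret) {
    $pairs = array();
    foreach (explode('&', $payload) as $kv) {
        $pos = strpos($kv, '=');
        if ($pos > 0) {
            $pairs[urldecode(substr($kv, 0, $pos))] = urldecode(substr($kv, $pos + 1));
        }
    }
    if (!isset($pairs['cookieseries'], $pairs['cookiehash'])) {
        return array();
    }
    $covered = array();
    $parts = array();
    foreach (explode(',', $pairs['cookieseries']) as $k) {
        if (!isset($pairs[$k])) {
            return array();
        }
        $parts[] = urlencode($k) . '=' . urlencode($pairs[$k]);
        $covered[$k] = $pairs[$k];
    }
    $mac = hash_hmac('sha256', urlencode($name) . '=' . implode('&', $parts), $secret);
    return hash_equals($mac, $pairs['cookiehash']) ? $covered : array();
}

// Constructed inputs: an untouched cookie, one with a field appended, one with a value edited.
$cookie = sign_cookie_payload('passport', array('un' => '0', 'bn' => '1'), COOKIE_SECRET);
var_dump(verify_cookie_payload('passport', $cookie, COOKIE_SECRET));
var_dump(verify_cookie_payload('passport', $cookie . '&admin=1', COOKIE_SECRET));
var_dump(verify_cookie_payload('passport', str_replace('un=0', 'un=9', $cookie), COOKIE_SECRET));
```

The appended admin field is absent from the second result because it is not listed in cookieseries, and the cookie with the edited value yields an empty array.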

 
