Setting the secure flag in the cookie is easy
来源:互联网 发布:刘意 java 编辑:程序博客网 时间:2024/06/06 03:13
引自这里
TechRepublic had an interesting article about the Surf Jack attack. Many people commented, some giving their own solution to the problem. However many of these solutions do not prevent the attack because they do not really address it. Of course, who ever missed the details should check out the paper.
The attack has been addressed quite a while ago, and the solution is easy to implement in many occasions. So no need to reinvent the wheel or create a new solution which has not been peer reviewed yet. Here I’ll indicate how to set the secure flag in various languages / web application technologies. The idea is that besides making use of HTTPS instead of HTTP, one needs to set a flag in the cookie so that it cannot be leaked out in clear text.
PHP
bool setcookie ( string $name [, string $value [, int $expire [,string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] )
Note that the $secure boolean should be set to true.
JSP / Java Server Pages
Cookie helloCookie = new Cookie("name",text);helloCookie.setSecure(true);
ASP.NET
HttpCookie cookie = new HttpCookie('name');cookie.Secure = True;cookie.Value = 'Joe';
Perl with CGI.pm
(added by Noam)$cookie = cookie(-name=>’sessionID’,-value=>’xyzzy’,-expires=>’+1h’,-path=>’/cgi-bin/database’,-domain=>’.capricorn.org’,-secure=>1);
- Setting the secure flag in the cookie is easy
- (Selenium) The Firefox browser preference setting is stored in profile
- [转]Hosting Git repositories, The Easy (and Secure) Way
- Hosting Git repositories, The Easy (and Secure) Way
- Hosting Git repositories, The Easy (and Secure) Way
- Hosting Git repositories, The Easy (and Secure) Way
- when the preview menu is diabled in BO, you can add this setting to enabled it
- The 2007 International Capture The Flag in UCSB
- the setting of vim in ubuntu11.10
- The preview is empty because of the setting解决
- Xenomai on the Beaglebone Black in 14 easy steps ---fwqlzz love is for ever
- Setting the location for the workspace in Eclipse
- InnoDB: is in the future!
- Setting the parent of a transform which resides in a prefab is disabled to prevent data corruption
- 开发中遇到的报错-Setting the parent of a transform which resides in a prefab is disabled
- 【Unity报错】Setting the parent of a transform which resides in a prefab is disabled to prevent data cor
- BaiduMap:You cannot keep your settings in the secure settings.
- The national flag
- 问题"trouble processing "一个可能的解决方法
- GCC 命令行详解 -L 指定库的路径 -l 指定需连接的库名
- python处理跨平台应用
- 手动脱ORiEN壳实战
- OC基础回顾(四)复合
- Setting the secure flag in the cookie is easy
- 创建Repo仓库
- 什么是跨域
- Oracal 基础学习
- 第8章 基于重新排序的排名方法 阅读
- Maven+scala+spark常见问题总结
- 7.c语言中的数组介绍
- SQL 时间格式化函数
- Android中程序与Service交互的方式——综述