Browser cookie count, cross-site request forgery, and the EU Cookie Directive
<?php
// Set 200 cookies on one host; on the next request, $_COOKIE shows which of
// them the browser actually kept and sent back.
for ($w = 0; $w < 200; $w++) {
    setcookie('name' . $w, 'value' . $w, time() + 3600 * 10); // 10-hour lifetime
}
var_dump($_COOKIE); // holds the cookies sent with *this* request, i.e. those that survived the previous run
/*
IE 11.0.20
array (size=50)
'name150' => string 'value150' (length=8)
'name151' => string 'value151' (length=8)
'name152' => string 'value152' (length=8)
'name153' => string 'value153' (length=8)
'name154' => string 'value154' (length=8)
'name155' => string 'value155' (length=8)
'name156' => string 'value156' (length=8)
'name157' => string 'value157' (length=8)
'name158' => string 'value158' (length=8)
'name159' => string 'value159' (length=8)
'name160' => string 'value160' (length=8)
'name161' => string 'value161' (length=8)
'name162' => string 'value162' (length=8)
'name163' => string 'value163' (length=8)
'name164' => string 'value164' (length=8)
'name165' => string 'value165' (length=8)
'name166' => string 'value166' (length=8)
'name167' => string 'value167' (length=8)
'name168' => string 'value168' (length=8)
'name169' => string 'value169' (length=8)
'name170' => string 'value170' (length=8)
'name171' => string 'value171' (length=8)
'name172' => string 'value172' (length=8)
'name173' => string 'value173' (length=8)
'name174' => string 'value174' (length=8)
'name175' => string 'value175' (length=8)
'name176' => string 'value176' (length=8)
'name177' => string 'value177' (length=8)
'name178' => string 'value178' (length=8)
'name179' => string 'value179' (length=8)
'name180' => string 'value180' (length=8)
'name181' => string 'value181' (length=8)
'name182' => string 'value182' (length=8)
'name183' => string 'value183' (length=8)
'name184' => string 'value184' (length=8)
'name185' => string 'value185' (length=8)
'name186' => string 'value186' (length=8)
'name187' => string 'value187' (length=8)
'name188' => string 'value188' (length=8)
'name189' => string 'value189' (length=8)
'name190' => string 'value190' (length=8)
'name191' => string 'value191' (length=8)
'name192' => string 'value192' (length=8)
'name193' => string 'value193' (length=8)
'name194' => string 'value194' (length=8)
'name195' => string 'value195' (length=8)
'name196' => string 'value196' (length=8)
'name197' => string 'value197' (length=8)
'name198' => string 'value198' (length=8)
'name199' => string 'value199' (length=8)
Firefox 47.0.1
array (size=150)
'name50' => string 'value50' (length=7)
'name51' => string 'value51' (length=7)
'name52' => string 'value52' (length=7)
'name53' => string 'value53' (length=7)
'name54' => string 'value54' (length=7)
'name55' => string 'value55' (length=7)
'name56' => string 'value56' (length=7)
'name57' => string 'value57' (length=7)
'name58' => string 'value58' (length=7)
'name59' => string 'value59' (length=7)
'name60' => string 'value60' (length=7)
'name61' => string 'value61' (length=7)
'name62' => string 'value62' (length=7)
'name63' => string 'value63' (length=7)
'name64' => string 'value64' (length=7)
'name65' => string 'value65' (length=7)
'name66' => string 'value66' (length=7)
'name67' => string 'value67' (length=7)
'name68' => string 'value68' (length=7)
'name69' => string 'value69' (length=7)
'name70' => string 'value70' (length=7)
'name71' => string 'value71' (length=7)
'name72' => string 'value72' (length=7)
'name73' => string 'value73' (length=7)
'name74' => string 'value74' (length=7)
'name75' => string 'value75' (length=7)
'name76' => string 'value76' (length=7)
'name77' => string 'value77' (length=7)
'name78' => string 'value78' (length=7)
'name79' => string 'value79' (length=7)
'name80' => string 'value80' (length=7)
'name81' => string 'value81' (length=7)
'name82' => string 'value82' (length=7)
'name83' => string 'value83' (length=7)
'name84' => string 'value84' (length=7)
'name85' => string 'value85' (length=7)
'name86' => string 'value86' (length=7)
'name87' => string 'value87' (length=7)
'name88' => string 'value88' (length=7)
'name89' => string 'value89' (length=7)
'name90' => string 'value90' (length=7)
'name91' => string 'value91' (length=7)
'name92' => string 'value92' (length=7)
'name93' => string 'value93' (length=7)
'name94' => string 'value94' (length=7)
'name95' => string 'value95' (length=7)
'name96' => string 'value96' (length=7)
'name97' => string 'value97' (length=7)
'name98' => string 'value98' (length=7)
'name99' => string 'value99' (length=7)
'name100' => string 'value100' (length=8)
'name101' => string 'value101' (length=8)
'name102' => string 'value102' (length=8)
'name103' => string 'value103' (length=8)
'name104' => string 'value104' (length=8)
'name105' => string 'value105' (length=8)
'name106' => string 'value106' (length=8)
'name107' => string 'value107' (length=8)
'name108' => string 'value108' (length=8)
'name109' => string 'value109' (length=8)
'name110' => string 'value110' (length=8)
'name111' => string 'value111' (length=8)
'name112' => string 'value112' (length=8)
'name113' => string 'value113' (length=8)
'name114' => string 'value114' (length=8)
'name115' => string 'value115' (length=8)
'name116' => string 'value116' (length=8)
'name117' => string 'value117' (length=8)
'name118' => string 'value118' (length=8)
'name119' => string 'value119' (length=8)
'name120' => string 'value120' (length=8)
'name121' => string 'value121' (length=8)
'name122' => string 'value122' (length=8)
'name123' => string 'value123' (length=8)
'name124' => string 'value124' (length=8)
'name125' => string 'value125' (length=8)
'name126' => string 'value126' (length=8)
'name127' => string 'value127' (length=8)
'name128' => string 'value128' (length=8)
'name129' => string 'value129' (length=8)
'name130' => string 'value130' (length=8)
'name131' => string 'value131' (length=8)
'name132' => string 'value132' (length=8)
'name133' => string 'value133' (length=8)
'name134' => string 'value134' (length=8)
'name135' => string 'value135' (length=8)
'name136' => string 'value136' (length=8)
'name137' => string 'value137' (length=8)
'name138' => string 'value138' (length=8)
'name139' => string 'value139' (length=8)
'name140' => string 'value140' (length=8)
'name141' => string 'value141' (length=8)
'name142' => string 'value142' (length=8)
'name143' => string 'value143' (length=8)
'name144' => string 'value144' (length=8)
'name145' => string 'value145' (length=8)
'name146' => string 'value146' (length=8)
'name147' => string 'value147' (length=8)
'name148' => string 'value148' (length=8)
'name149' => string 'value149' (length=8)
'name150' => string 'value150' (length=8)
'name151' => string 'value151' (length=8)
'name152' => string 'value152' (length=8)
'name153' => string 'value153' (length=8)
'name154' => string 'value154' (length=8)
'name155' => string 'value155' (length=8)
'name156' => string 'value156' (length=8)
'name157' => string 'value157' (length=8)
'name158' => string 'value158' (length=8)
'name159' => string 'value159' (length=8)
'name160' => string 'value160' (length=8)
'name161' => string 'value161' (length=8)
'name162' => string 'value162' (length=8)
'name163' => string 'value163' (length=8)
'name164' => string 'value164' (length=8)
'name165' => string 'value165' (length=8)
'name166' => string 'value166' (length=8)
'name167' => string 'value167' (length=8)
'name168' => string 'value168' (length=8)
'name169' => string 'value169' (length=8)
'name170' => string 'value170' (length=8)
'name171' => string 'value171' (length=8)
'name172' => string 'value172' (length=8)
'name173' => string 'value173' (length=8)
'name174' => string 'value174' (length=8)
'name175' => string 'value175' (length=8)
'name176' => string 'value176' (length=8)
'name177' => string 'value177' (length=8)
more elements...
Chrome Version 52.0.2743.116 m (64-bit)
150-180 (varies between runs)
array (size=156)
'name44' => string 'value44' (length=7)
'name45' => string 'value45' (length=7)
'name46' => string 'value46' (length=7)
'name47' => string 'value47' (length=7)
'name48' => string 'value48' (length=7)
'name49' => string 'value49' (length=7)
'name50' => string 'value50' (length=7)
'name51' => string 'value51' (length=7)
'name52' => string 'value52' (length=7)
'name53' => string 'value53' (length=7)
'name54' => string 'value54' (length=7)
'name55' => string 'value55' (length=7)
'name56' => string 'value56' (length=7)
'name57' => string 'value57' (length=7)
'name58' => string 'value58' (length=7)
'name59' => string 'value59' (length=7)
'name60' => string 'value60' (length=7)
'name61' => string 'value61' (length=7)
'name62' => string 'value62' (length=7)
'name63' => string 'value63' (length=7)
'name64' => string 'value64' (length=7)
'name65' => string 'value65' (length=7)
'name66' => string 'value66' (length=7)
'name67' => string 'value67' (length=7)
'name68' => string 'value68' (length=7)
'name69' => string 'value69' (length=7)
'name70' => string 'value70' (length=7)
'name71' => string 'value71' (length=7)
'name72' => string 'value72' (length=7)
'name73' => string 'value73' (length=7)
'name74' => string 'value74' (length=7)
'name75' => string 'value75' (length=7)
'name76' => string 'value76' (length=7)
'name77' => string 'value77' (length=7)
'name78' => string 'value78' (length=7)
'name79' => string 'value79' (length=7)
'name80' => string 'value80' (length=7)
'name81' => string 'value81' (length=7)
'name82' => string 'value82' (length=7)
'name83' => string 'value83' (length=7)
'name84' => string 'value84' (length=7)
'name85' => string 'value85' (length=7)
'name86' => string 'value86' (length=7)
'name87' => string 'value87' (length=7)
'name88' => string 'value88' (length=7)
'name89' => string 'value89' (length=7)
'name90' => string 'value90' (length=7)
'name91' => string 'value91' (length=7)
'name92' => string 'value92' (length=7)
'name93' => string 'value93' (length=7)
'name94' => string 'value94' (length=7)
'name95' => string 'value95' (length=7)
'name96' => string 'value96' (length=7)
'name97' => string 'value97' (length=7)
'name98' => string 'value98' (length=7)
'name99' => string 'value99' (length=7)
'name100' => string 'value100' (length=8)
'name101' => string 'value101' (length=8)
'name102' => string 'value102' (length=8)
'name103' => string 'value103' (length=8)
'name104' => string 'value104' (length=8)
'name105' => string 'value105' (length=8)
'name106' => string 'value106' (length=8)
'name107' => string 'value107' (length=8)
'name108' => string 'value108' (length=8)
'name109' => string 'value109' (length=8)
'name110' => string 'value110' (length=8)
'name111' => string 'value111' (length=8)
'name112' => string 'value112' (length=8)
'name113' => string 'value113' (length=8)
'name114' => string 'value114' (length=8)
'name115' => string 'value115' (length=8)
'name116' => string 'value116' (length=8)
'name117' => string 'value117' (length=8)
'name118' => string 'value118' (length=8)
'name119' => string 'value119' (length=8)
'name120' => string 'value120' (length=8)
'name121' => string 'value121' (length=8)
'name122' => string 'value122' (length=8)
'name123' => string 'value123' (length=8)
'name124' => string 'value124' (length=8)
'name125' => string 'value125' (length=8)
'name126' => string 'value126' (length=8)
'name127' => string 'value127' (length=8)
'name128' => string 'value128' (length=8)
'name129' => string 'value129' (length=8)
'name130' => string 'value130' (length=8)
'name131' => string 'value131' (length=8)
'name132' => string 'value132' (length=8)
'name133' => string 'value133' (length=8)
'name134' => string 'value134' (length=8)
'name135' => string 'value135' (length=8)
'name136' => string 'value136' (length=8)
'name137' => string 'value137' (length=8)
'name138' => string 'value138' (length=8)
'name139' => string 'value139' (length=8)
'name140' => string 'value140' (length=8)
'name141' => string 'value141' (length=8)
'name142' => string 'value142' (length=8)
'name143' => string 'value143' (length=8)
'name144' => string 'value144' (length=8)
'name145' => string 'value145' (length=8)
'name146' => string 'value146' (length=8)
'name147' => string 'value147' (length=8)
'name148' => string 'value148' (length=8)
'name149' => string 'value149' (length=8)
'name150' => string 'value150' (length=8)
'name151' => string 'value151' (length=8)
'name152' => string 'value152' (length=8)
'name153' => string 'value153' (length=8)
'name154' => string 'value154' (length=8)
'name155' => string 'value155' (length=8)
'name156' => string 'value156' (length=8)
'name157' => string 'value157' (length=8)
'name158' => string 'value158' (length=8)
'name159' => string 'value159' (length=8)
'name160' => string 'value160' (length=8)
'name161' => string 'value161' (length=8)
'name162' => string 'value162' (length=8)
'name163' => string 'value163' (length=8)
'name164' => string 'value164' (length=8)
'name165' => string 'value165' (length=8)
'name166' => string 'value166' (length=8)
'name167' => string 'value167' (length=8)
'name168' => string 'value168' (length=8)
'name169' => string 'value169' (length=8)
'name170' => string 'value170' (length=8)
'name171' => string 'value171' (length=8)
more elements... */
Questions:
0. Why is Chrome's count a "pseudo-random value"?
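To answer the questions above you need more than a raw var_dump: you want, on each reload, the number of test cookies the browser sent back and the index range that survived, which makes the eviction order visible (in the dumps above every browser kept the highest-numbered, i.e. most recently set, cookies and dropped the oldest). The script below is an added example, not the original post's code; it keeps the original 'name' prefix and count of 200, and the ?clear=1 parameter is a hypothetical addition for resetting the experiment.

```php
<?php
// Added example (not from the original post): extends the 200-cookie
// experiment by summarising which test cookies survived the previous run.
// Assumptions: the 'name' prefix and the count of 200 mirror the original
// script; the ?clear=1 parameter is a hypothetical addition made here.
declare(strict_types=1);

const COOKIE_PREFIX = 'name';
const COOKIE_COUNT  = 200;

/**
 * Summarise which test cookies came back from the browser.
 * Returns the surviving count, the lowest and highest surviving index,
 * the indices missing inside that range, and whether the newest cookie
 * (index COOKIE_COUNT - 1) is still present.
 */
function summarizeSurvivors(array $cookies, string $prefix, int $total): array
{
    $indices = [];
    foreach (array_keys($cookies) as $name) {
        $name = (string) $name;
        if (strpos($name, $prefix) !== 0) {
            continue;
        }
        $suffix = substr($name, strlen($prefix));
        if ($suffix !== '' && $suffix !== false && ctype_digit($suffix)) {
            $indices[] = (int) $suffix;
        }
    }
    sort($indices);
    if ($indices === []) {
        return ['count' => 0, 'min' => null, 'max' => null, 'gaps' => [], 'newest_kept' => false];
    }
    $min = $indices[0];
    $max = $indices[count($indices) - 1];
    $present = array_flip($indices);
    $gaps = [];
    for ($i = $min; $i <= $max; $i++) {
        if (!isset($present[$i])) {
            $gaps[] = $i; // a hole inside the surviving range means eviction was not purely oldest-first
        }
    }
    return [
        'count'       => count($indices),
        'min'         => $min,
        'max'         => $max,
        'gaps'        => $gaps,
        'newest_kept' => $max === $total - 1,
    ];
}

header('Content-Type: text/plain');

if (isset($_GET['clear'])) {
    // Expire every test cookie the browser sent so the experiment can be repeated from zero.
    foreach (array_keys($_COOKIE) as $name) {
        if (strpos((string) $name, COOKIE_PREFIX) === 0) {
            setcookie((string) $name, '', time() - 3600);
        }
    }
    echo "cleared\n";
    exit;
}

// $_COOKIE is what the browser attached to *this* request, i.e. the cookies
// that survived the previous run. Summarise it before setting a fresh batch.
$summary = summarizeSurvivors($_COOKIE, COOKIE_PREFIX, COOKIE_COUNT);

for ($w = 0; $w < COOKIE_COUNT; $w++) {
    setcookie(COOKIE_PREFIX . $w, 'value' . $w, time() + 3600 * 10);
}

printf("survived: %d of %d\n", $summary['count'], COOKIE_COUNT);
if ($summary['count'] > 0) {
    printf("index range kept: %d..%d (gaps: %s)\n",
        $summary['min'], $summary['max'],
        $summary['gaps'] === [] ? 'none' : implode(',', $summary['gaps']));
    echo $summary['newest_kept']
        ? "newest cookies kept, oldest evicted\n"
        : "newest cookies were dropped\n";
}
echo "reload to measure the cap; add ?clear=1 to reset\n";
```

Run it several times in the same browser and compare the reported range across reloads; a count that moves between runs, as the Chrome dump above suggests, shows up directly in the "survived" line. Two caveats for reading the numbers: the cap is per host and counts every cookie the site sets, so a session cookie set long ago can be silently evicted by a site that keeps adding cookies, and if the server starts answering 400 once the Cookie header grows large, that is the web server's request-header size limit, not the browser's cookie limit.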
An HTTP cookie (also called a web cookie or browser cookie) is a small piece of data that a server sends to the user's browser and that is stored locally; the browser sends it back with its next request to the same server. It is usually used to tell the server whether two requests came from the same browser, for example to keep a user logged in. Cookies make it possible to record stable state information on top of the stateless HTTP protocol.
Cookies are mainly used for three purposes:
- Session state management (such as login state, shopping carts, game scores or other information that needs to be recorded)
- Personalisation (such as user preferences and themes)
- Tracking (such as recording and analysing user behaviour)
Cookies were once used for general client-side data storage; since no other suitable storage mechanism existed at the time, they were the only option. Now that modern browsers support a variety of storage mechanisms, cookies are gradually being phased out for this purpose: once the server sets a cookie, the browser attaches it to every request, which adds overhead (especially on mobile). Newer browser APIs let developers store data locally directly, such as the Web Storage API (localStorage and sessionStorage) or IndexedDB.
https://en.wikipedia.org/wiki/HTTP_cookie
Cross-site request forgery
For example, Bob might be browsing a chat forum where another user, Mallory, has posted a message. Suppose that Mallory has crafted an HTML image element that references an action on Bob's bank's website (rather than an image file), e.g.,
<img src="http://bank.example.com/withdraw?account=bob&amount=1000000&for=mallory">
If Bob's bank keeps his authentication information in a cookie, and if the cookie hasn't expired, then the attempt by Bob's browser to load the image will submit the withdrawal form with his cookie, thus authorizing a transaction without Bob's approval.
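The image-based request above succeeds only because the bank accepts a state-changing GET and relies on the cookie alone to authorise it. The handler below is an added example, not code from Wikipedia or the original post, showing the server-side layers that stop it: a session cookie marked SameSite so the browser does not attach it to requests initiated by other sites, an Origin/Referer check, and a per-session synchronizer token compared in constant time. The session key name and the function names are chosen here and belong to no framework; the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
// Added example (not from Wikipedia or the original post): server-side
// CSRF defences for the withdrawal scenario described above.
// Assumptions: CSRF_SESSION_KEY and the helper names are chosen here and
// are not part of any framework's API; requires PHP 7.3+ for the array
// form of session_set_cookie_params().
declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_token';

/** Start the session with cookie attributes that limit cross-site sending. */
function startHardenedSession(): void
{
    session_set_cookie_params([
        'httponly' => true,     // not readable from JavaScript
        'secure'   => true,     // only sent over HTTPS
        'samesite' => 'Strict', // never attached to requests initiated by another site
    ]);
    session_start();
}

/** Return the per-session token, creating it on first use. */
function csrfToken(): string
{
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

/** Constant-time comparison of a submitted token with the session token. */
function csrfTokenIsValid($submitted, string $expected): bool
{
    return is_string($submitted) && $submitted !== '' && hash_equals($expected, $submitted);
}

/**
 * Accept only requests whose Origin (or, failing that, Referer) names this host.
 * A request carrying neither is treated as untrusted: browsers send Origin on
 * form posts, so a legitimate same-site post will have one.
 */
function originIsTrusted(array $server, string $allowedHost): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($source === null || $allowedHost === '') {
        return false;
    }
    return parse_url($source, PHP_URL_HOST) === $allowedHost;
}

startHardenedSession();

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // GET never changes state. An <img> tag can only issue GET requests,
    // so this alone defeats the image-based example; the form below carries
    // the token that the POST handler demands.
    header('Content-Type: text/html; charset=utf-8');
    $token = htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="">',
         '<input type="hidden" name="csrf_token" value="' . $token . '">',
         '<input name="amount"><button>Withdraw</button></form>';
    exit;
}

$allowedHost = strtok($_SERVER['HTTP_HOST'] ?? '', ':'); // drop any :port suffix

if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !originIsTrusted($_SERVER, $allowedHost)
    || !csrfTokenIsValid($_POST['csrf_token'] ?? null, csrfToken())) {
    http_response_code(403);
    echo 'request rejected: missing or invalid CSRF protection';
    exit;
}

// Only now perform the state-changing action for the authenticated user.
echo 'withdrawal accepted';
```

The three checks are independent, which is the point: SameSite=Strict is enforced by the browser and covers older code paths you have not audited, the Origin check costs nothing and rejects the forged request before any session lookup, and the token is the one defence that does not depend on browser support. A rejected request with a valid session cookie but no token is also a useful signal to log, since a genuine user's browser never produces one.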
Drawbacks of cookies
- Cookies are attached to every HTTP request, so they silently increase traffic.
- Cookies travel in clear text inside the HTTP request, so they are a security problem unless HTTPS is used.
- Cookies are limited to roughly 4KB, which is not enough for complex storage needs.[3]
Using cookies
Users can change their browser settings to control how cookies are used. Some browsers also ship with, or can install, developer tools that let the user view, modify or delete a particular site's cookies.
Identification
If several browsers are installed on one computer, each browser stores its cookies in its own separate space. Because a cookie can identify not only the user but also information about the computer and browser, a user who logs in from a different browser or a different computer receives different cookies. On the other hand, for several users sharing the same browser on the same computer, cookies do not tell them apart unless they log in with different user names.
https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Cookies
EU Cookie Directive
Regarding cookies, the EU set out requirements in Directive 2009/136/EC, which took effect on 25 May 2011. Although a directive is not itself a law, it requires each EU member state to enact legislation that satisfies its requirements; the laws actually enacted naturally differ from country to country.
The gist of the directive: without first obtaining the user's consent, a website may not store or retrieve any information on a computer, phone or other device. Since then, many websites have added a notice telling users what their cookies are used for.
The latest national laws and more precise information can be found in the relevant Wikipedia articles.
Zombie cookies and undeletable cookies
An extreme use of cookies is the zombie cookie (also called the "undeletable cookie"), which is hard to delete and even recreates itself after deletion. These are generally implemented with the Web Storage API, Flash local shared objects or other techniques. For more on this, see: