CSRF It's called cross site request forgery

The user mistakenly clicked the illegal website when visiting the website , Attackers steal users Cookie Information forgery requests access to other websites , Achieve your goal .

Cookie Principle of :

        Cookie Stored on the client , Some user information can be stored to ensure statefulness . In cooperation session When , Server generation session, And the corresponding sessionID Return to client store Cookie,
Pass on next request Cookie Carry .

Through this feature , Attackers can steal Cookie Information in

however token Generally stored in local storage, Then the front-end obtains the information through some methods token Send ;local
Storage Compared with the data in Cookie Higher security ; also token The string is encrypted , When it is tampered with, it is decrypted at the server, and the error of sending data can be fed back

Cookie and LocalStorage Differences between ?


1. Only text can be stored 2. A single piece of storage has a size limit 4KB about

3. Quantity limit , General browser , The limit is about 50 Left and right

4. Cross domain issues need to be addressed

5. Limitation of time


1. Main solutions Cookie Insufficient storage space , The size is generally 5M; Generally, only advanced browsers are supported

2. In privacy mode localStorage Not available , Cannot be acquired by crawler

3. Compared to sessionStorage,LocalStorage Is permanent storage

4. call localStorage Each time the interface is called, it is placed in HTTP Request header Authorization Field

©2019-2020 Toolsou All rights reserved,
【C++ Must see for entry 】C++ from 0 reach 1 Introductory programming axios Interceptor packaging and use Spring Boot Interview must ask : Automatic configuration principle VMware 16 install centos 7 Detailed tutorial C Language data structure - Sequence table delete duplicates V2.0.0 The 12th Blue Bridge Cup c++b Group personal problem solving On sending data from serial port single chip microcomputer to upper computer centos7 install RabbitMqjava Polymorphic array of opencv-python Fourier transform and inverse transform