CSRF stands for cross-site request forgery.
A logged-in user is tricked into visiting a malicious website; the attacker then misuses the user's Cookie to forge requests to another website and carry out actions in the user's name.
How Cookies work:
A Cookie is stored on the client and can hold some user information so that state is preserved between requests. When used together with a session, the server generates the session and returns the corresponding sessionID to the client, which stores it in a Cookie and carries it automatically on the next request.
It is this automatic carrying of the Cookie that an attacker can abuse.
A token, however, is generally stored in localStorage, and the front end reads the token by some method and sends it explicitly. In this respect the data in localStorage is more secure than the data in a Cookie. In addition, the token string is encrypted, so if it is tampered with, the server notices when it decrypts the token and can return an error to the sender.
What are the differences between Cookie and localStorage?
Cookie:
1. Only text can be stored.
2. Each Cookie has a size limit of about 4KB.
3. There is a quantity limit; in common browsers it is around 50.
4. Cross-domain issues have to be dealt with.
5. Cookies are subject to an expiry time.
localStorage:
1. Mainly solves the problem of Cookie storage space being too small; the size is generally 5M. Generally only modern browsers support it.
2. In private browsing mode localStorage is not available; it also cannot be harvested by a crawler.
3. Compared with sessionStorage, localStorage is permanent storage.
4. When a token kept in localStorage is used, the front end places it in the Authorization field of the HTTP request header on every interface call.