#cookie

HTTP API Authentication and Authorization Techniques (HTTP API 认证授权术) | 酷 壳 - CoolShell

Published at May 10, 2019 · 1 min read

A detailed and complete introduction to HTTP API authentication and authorization. Because HTTP is stateless, the client and the server have to cooperate to complete the user's authentication and authorization; the common schemes are HTTP Basic, Digest Access, app secret key + HMAC, JWT (JSON Web Tokens), OAuth 1.0 and OAuth 2.0.


Client Session vs. Server Session

Published at April 16, 2019 · 1 min read

The pros and cons of server-side sessions versus client-side sessions. The advantages of the server side are that a session can be revoked immediately, the cookie is smaller, user information is not exposed, and a large amount of session data can be stored without growing the cookie. The drawbacks are that replicating session data costs performance and adds complexity, a central data store limits scalability and adds latency, and tying a session to a particular server causes problems when that server goes down. From this it is clear that scaling a stateful service is very hard. Session data can instead be kept on the client so that the service becomes stateless. The advantages of client-side sessions are low latency, very fast session creation and validation with no database access, no server-side state to manage, no server-side replication, and new servers can be added quickly. The drawbacks are that a session cannot be revoked immediately, and when everything is stored in the cookie the implementation details and user information are exposed, so a strong encryption algorithm is needed; the cookie is also larger.


HTTP cookies

Published at April 16, 2019 · 1 min read

Cross-site request forgery (CSRF). This article explains well why CSRF exists: by forging an <img> resource load or a form submission, an attacker gets the browser to attach the current user's cookie to a cross-site request and so carries out a cross-site attack. A good mitigation is for the backend to generate a CSRF token, send it to the frontend, and verify the token on the backend when data is submitted. This method only applies to POST, PUT and other methods that modify backend content; GET should by design follow idempotency and only read backend resources without modifying them.

