Alternative to HTTP Cookies?

前端 未结 3 1515
感动是毒
感动是毒 2021-02-04 04:32

They say Cookies are bad. I personally believe there should be a "smarter" way to detect the state of a user on a web app.

Say, currently this is how it works i

相关标签:
3条回答
  • 2021-02-04 04:54

    You need secure cookies with cookie prefixes. Cookie prefixes __Secure-* and ___Host-* secure your cookies by ensuring that they are only set by and sent over secure connections preventing cookie sniffing and man-in-the-middle attacks.

    For additional security you could force your users to only log in from a whitelist of specific IP addresses.

    0 讨论(0)
  • 2021-02-04 05:06

    One of the Fundamental principals of REST, and I mean real REST is not to store state on the server, if there is no state on the server, then there is no need for a cookie to be used as a key to look that state up.

    0 讨论(0)
  • 2021-02-04 05:14

    I believe the information in this resource from google and/or this link will help you to find alternatives for saving information on the client-side.

    Basically... there are 4 different ways to store data on client-side without using cookies:

    1. Web SQL (my favorite, and it's NOT obsolete)
    2. IndexedDB (another Database with different structure and acceptance)
    3. Web Storage (Session and Local key/value pairs)
    4. Application Cache (Files for WebApps)

    I believe that for your specific need the Web Storage Local pairs are the right solution.

    0 讨论(0)
提交回复
热议问题