With regard to security and convenience, which cookies are better: the PHP ones or the JavaScript ones?
They are the same ones. In both cases the cookie is sent to the browser, stored there, and the browser sends it back to you on every request until it expires or is deleted.
For that reason, you should never use cookies for security, as your question implies, nor for any data which you consider important to keep unaltered by the end user.
There are five things to always remember when you use cookies:
1 - you can not trust its content
2 - you can not assume it will still be there on the next request
3 - you can not trust its content
4 - you can not assume the user never visited before if it's not there
5 - you can not trust its content
If you get that, accessing cookies from PHP or JavaScript is simply a question of what's more convenient to you.
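The points in the answer above, as an added example that is not part of the original answers: a Node.js server that reads a value back from a cookie treats the header as untrusted input, checks an HMAC it attached when it set the cookie, and handles the cookie being absent. The secret, cookie names and sample headers are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Assumption: a secret known only to the server (placeholder value for the demo).
const SECRET = "constructed-demo-secret";

function sign(value) {
  return createHmac("sha256", SECRET).update(value).digest("hex");
}

// Value the server would send in Set-Cookie: "<value>.<signature>".
function makeCookieValue(value) {
  return `${value}.${sign(value)}`;
}

// Parse a raw Cookie request header into a name -> value map.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Returns { status: "missing" | "tampered" | "ok", value }.
// "missing" does not mean a first visit: the cookie may have expired or been deleted.
function readSignedCookie(header, name) {
  const raw = parseCookieHeader(header).get(name);
  if (raw === undefined) return { status: "missing", value: null };
  const dot = raw.lastIndexOf(".");
  if (dot < 1) return { status: "tampered", value: null };
  const value = raw.slice(0, dot);
  const given = Buffer.from(raw.slice(dot + 1));
  const expected = Buffer.from(sign(value));
  // Compare lengths first: timingSafeEqual throws on unequal lengths.
  const ok = given.length === expected.length && timingSafeEqual(given, expected);
  return ok ? { status: "ok", value } : { status: "tampered", value: null };
}

// Constructed sample requests: untouched, edited by the user, and cookie absent.
const good = `theme=dark; uid=${makeCookieValue("42")}`;
const forged = good.replace("uid=42.", "uid=1.");
console.log(readSignedCookie(good, "uid"));
console.log(readSignedCookie(forged, "uid"));
console.log(readSignedCookie("theme=dark", "uid"));
```

A valid signature only shows that the server issued the value; the user can still read it and can replay it until it expires.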
I'm not sure if, at the time you asked the question, you were aware of the fact that some browsers support an additional HTTPOnly flag for cookies. In that regard, cookies sent with PHP that contain the HTTPOnly flag cannot be modified by client-side JavaScript code in browsers that support the feature, which strengthens the security somehow.
So, users that have a browser supporting HTTPOnly cookies will be better protected against XSS attacks.
If you are talking about Session cookies, then they can be considered to be secure in comparison with normal ones.
There is no such thing as a 'php' cookie or 'JavaScript' cookie.
A cookie is a cookie is a cookie. The important thing is what you store in it. So, what are you storing in them?
Well, I'm not a security guru, but one thing's for sure. If you set them in JavaScript, since it's front-end, the user will see how you read and write your cookies and what you put in them, which means he has a lead. Doing this in PHP will not show him how you're reading and writing them and what you are doing with them.
They are exactly the same. When you call setcookie() in PHP, all it does is send an HTTP header that is interpreted by the browser to store a cookie for a given lifetime. The same happens with JavaScript.