We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
欢迎纠正
The text was updated successfully, but these errors were encountered:
移步到这里:#31
Sorry, something went wrong.
No branches or pull requests
cooki劫持
https://g2ex.github.io/2015/06/29/Cookie-and-Cookie-Injection/
1攻击者通过xss拿到用户的cookie然后就可以伪造cookie了。
2或者通过csrf在同个浏览器下面通过浏览器会自动带上cookie的特性
在通过 用户网站-攻击者网站-攻击者请求用户网站的方式 浏览器会自动带上cookie
但是token
1 不会被浏览器带上 问题2 解决
2 token是放在jwt里面下发给客户端的 而且不一定存储在哪里 不能通过document.cookie直接拿到,通过jwt+ip的方式 可以防止 被劫持 即使被劫持 也是无效的jwt
欢迎纠正
The text was updated successfully, but these errors were encountered: