New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[html] 第242天如何防止cookie被盗用？ #1645

Open

haizhilin2013 opened this issue Dec 13, 2019 · 2 comments

Labels

html

Collaborator

haizhilin2013 commented Dec 13, 2019

第242天如何防止cookie被盗用？

我也要出题

haizhilin2013 added the html label

forever-z-133 commented Dec 14, 2019

https
加 IP 判断
缩短有效时间

zishiluojin commented Dec 17, 2019 •

edited

Loading

禁止第三方网站带cookie(same-site属性)
每次请求需要输入图形验证码
使用Token验证
为cookie设置HttpOnly
设置CSP
使用Referer验证
禁止网页内嵌
使用https
cookie带上用户ip加密

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment