New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[网络] 50. cookie 和 token 都存放在 header 中，为什么不会劫持 token？ #987

Open

qiilee opened this issue Feb 24, 2020 · 1 comment

Labels

Member

qiilee commented Feb 24, 2020

No description provided.

qiilee added the 网络安全 label

HYzoro commented Oct 14, 2020

浏览器发送请求的时候不会自动带上token，而cookie在浏览器发送请求的时候会被自动带上。

csrf就是利用的这一特性，所以token可以防范csrf，而cookie不能。

JWT本身只关心请求的安全性，并不关心toekn本身的安全。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment