Browser cookie count limits, cross-site request forgery, the EU Cookie Directive

<?php
// Send 200 Set-Cookie headers for this host. $_COOKIE holds what the browser
// sent with *this* request, so reload the page once: the dump then shows which
// of the 200 cookies the browser actually kept, i.e. its per-domain cookie cap.
for ($w = 0; $w < 200; $w++) {
    setcookie('name' . $w, 'value' . $w, time() + 3600 * 10);
}
var_dump($_COOKIE);
/*
IE 11.0.20
array (size=50)
  'name150' => string 'value150' (length=8)
  'name151' => string 'value151' (length=8)
  ...
  'name199' => string 'value199' (length=8)
(50 entries, name150 through name199: IE kept only the last 50 cookies set)

Firefox 47.0.1
array (size=150)
  'name50' => string 'value50' (length=7)
  'name51' => string 'value51' (length=7)
  ...
  'name177' => string 'value177' (length=8)
  more elements...
(150 entries, name50 through name199; this xdebug-formatted var_dump lists at most
128 children, hence "more elements...")

Chrome Version 52.0.2743.116 m (64-bit)
150-180  (the count varied from run to run)
array (size=156)
  'name44' => string 'value44' (length=7)
  'name45' => string 'value45' (length=7)
  ...
  'name171' => string 'value171' (length=8)
  more elements...
(156 entries, name44 through name199)
*/

Question:

0. Why is Chrome's count a 'pseudo-random value'?
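As an added example (not code from the original post), a toy model of a per-domain cookie jar replayed against the same 200-cookie loop. A jar with a plain cap, which drops the oldest cookie as soon as the cap is exceeded, reproduces the IE (50) and Firefox (150) results exactly. The third jar uses a high-water mark of 180 and purges down to 150 when it is crossed; those two constants are an assumption chosen to match the 150-180 range observed for Chrome, and the model is not any browser's actual code. What it shows is the mechanism behind the apparent randomness: how many cookies survive depends on how many the jar already held when the burst started, so running the same page repeatedly yields different counts.

```javascript
// Added example, not from the original post: a simplified per-domain cookie jar
// with a high-water mark (maxCookies) and a purge target (purgeTo). The 180/150
// pair used below is an ASSUMPTION picked to match the observed Chrome range.

class DomainCookieJar {
  constructor(maxCookies, purgeTo) {
    this.maxCookies = maxCookies; // store may grow to this many cookies
    this.purgeTo = purgeTo;       // size the jar is cut back to after a purge
    this.cookies = [];            // insertion order, oldest first: [name, value]
  }

  // Store one cookie. Re-setting an existing name replaces its value in place;
  // a new name is appended and, if the cap is exceeded, the oldest cookies are
  // dropped until only purgeTo remain.
  set(name, value) {
    const idx = this.cookies.findIndex(([n]) => n === name);
    if (idx !== -1) {
      this.cookies[idx][1] = value;
      return;
    }
    this.cookies.push([name, value]);
    if (this.cookies.length > this.maxCookies) {
      this.cookies.splice(0, this.cookies.length - this.purgeTo);
    }
  }

  names() {
    return this.cookies.map(([n]) => n);
  }
}

// Replays the PHP loop: 200 Set-Cookie headers, name0 .. name199, in order.
// Returns the names that survive in the jar afterwards.
function setTwoHundred(jar) {
  for (let w = 0; w < 200; w++) jar.set('name' + w, 'value' + w);
  return jar.names();
}

// Runs the 200-cookie burst `runs` times against ONE jar (as a user reloading
// the page would) and returns the surviving count after each run.
function survivorsPerRun(maxCookies, purgeTo, runs) {
  const jar = new DomainCookieJar(maxCookies, purgeTo);
  const counts = [];
  for (let i = 0; i < runs; i++) counts.push(setTwoHundred(jar).length);
  return counts;
}

// Plain caps: one eviction per overflow, deterministic result.
console.log('IE-like (cap 50):      ', survivorsPerRun(50, 50, 3));    // [50, 50, 50]
console.log('Firefox-like (cap 150):', survivorsPerRun(150, 150, 3)); // [150, 150, 150]
// High-water mark with a purge: the count depends on the jar's prior contents.
console.log('purge-style (180/150): ', survivorsPerRun(180, 150, 3)); // [169, 152, 166]
```

In the 180/150 jar the first burst into an empty store leaves 169 cookies, the second burst (starting from those 169) leaves 152 and the third 166: the purge fires at different points in the loop depending on the starting fill level, which is exactly what looks like a random value from the server's side. A real browser also orders eviction by last-access time and applies further global limits, so the exact survivors differ; the run-to-run variation is the point.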

 

 

An HTTP cookie (also called a web cookie or browser cookie) is a small piece of data that a server sends to the user's browser and that the browser stores locally; the browser sends it back with its next request to the same server. It is typically used to tell whether two requests came from the same browser, for example to keep a user logged in. Cookies make it possible to keep stable state on top of the stateless HTTP protocol.

Cookies are mainly used for three purposes:

  • Session management (login state, shopping carts, game scores, anything else the server needs to remember)
  • Personalization (user preferences, themes and other settings)
  • Tracking (recording and analysing user behaviour)

Cookies were once used for general client-side storage because no better option existed at the time, but they are being superseded now that modern browsers support other storage mechanisms. Once a server has set a cookie, the browser attaches it to every request, which adds overhead (especially on mobile connections). Newer browser APIs such as the Web Storage API (localStorage and sessionStorage) or IndexedDB let developers store data locally without that cost.

 

https://en.wikipedia.org/wiki/HTTP_cookie

Cross-site request forgery

For example, Bob might be browsing a chat forum where another user, Mallory, has posted a message. Suppose that Mallory has crafted an HTML image element that references an action on Bob's bank's website (rather than an image file), e.g.,

<img src="http://bank.example.com/withdraw?account=bob&amount=1000000&for=mallory">

If Bob's bank keeps his authentication information in a cookie, and if the cookie hasn't expired, then the attempt by Bob's browser to load the image will submit the withdrawal form with his cookie, thus authorizing a transaction without Bob's approval.
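The bank endpoint from the story above, as added JavaScript that is not part of the Wikipedia text and not any real bank's code. The vulnerable handler accepts any request carrying Bob's session cookie, so the forged `<img>` GET succeeds. The hardened handler adds three checks the forged request cannot satisfy: the action must be a POST (an image element can only issue GET), the Origin header must be the bank's own origin, and the form must carry a per-session CSRF token that a page on another origin cannot read. The request object shape, the in-memory session store and the origin https://bank.example.com are assumptions.

```javascript
// Added example, not from the original page: the withdraw endpoint, vulnerable
// and hardened. Requests are plain objects { method, headers, cookies, params,
// body } standing in for a web framework's request object.

const BANK_ORIGIN = 'https://bank.example.com'; // assumption: the bank's own origin

// Server-side session store keyed by the session cookie value (constructed sample
// data). A real token comes from crypto.randomBytes(32).toString('hex'); it is
// fixed here so the example is deterministic.
const SESSIONS = {
  'bob-session-id': { user: 'bob', csrfToken: '1f4c0dd3b6a64b8e9d2ad7d4c36c0f2a' },
};

// Compare two secrets without leaking, through timing, where they first differ.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function sessionFor(req) {
  const sid = req.cookies && req.cookies.session;
  return sid && Object.prototype.hasOwnProperty.call(SESSIONS, sid) ? SESSIONS[sid] : null;
}

// Vulnerable: the session cookie is the only check, so anything the browser sends
// with the cookie attached, including an <img src> fetch triggered by another
// site, is treated as Bob's intent.
function withdrawVulnerable(req) {
  const session = sessionFor(req);
  if (!session) return { status: 401, error: 'not logged in' };
  return {
    status: 200,
    action: `withdraw ${req.params.amount} from ${session.user} for ${req.params.for}`,
  };
}

// Hardened: three independent checks, each of which alone defeats the <img> forgery.
function withdrawHardened(req) {
  const session = sessionFor(req);
  if (!session) return { status: 401, error: 'not logged in' };

  // 1. State-changing actions only over POST; an <img> element can only GET.
  if (req.method !== 'POST') return { status: 405, error: 'POST required' };

  // 2. Browsers attach Origin to cross-site POSTs. Fail closed when it is missing
  //    or is not the bank itself.
  const origin = req.headers && req.headers.origin;
  if (origin !== BANK_ORIGIN) return { status: 403, error: 'bad origin' };

  // 3. Synchronizer token: the bank's own form embeds a token bound to the session.
  //    Another origin cannot read that page, so it cannot produce the token.
  const token = req.body && req.body.csrf;
  if (!constantTimeEqual(token, session.csrfToken)) return { status: 403, error: 'bad csrf token' };

  return {
    status: 200,
    action: `withdraw ${req.body.amount} from ${session.user} for ${req.body.for}`,
  };
}

// The request Mallory's <img> makes Bob's browser send: a GET carrying Bob's cookie,
// no Origin header, no token.
const forgedImgRequest = {
  method: 'GET',
  headers: {},
  cookies: { session: 'bob-session-id' },
  params: { account: 'bob', amount: '1000000', for: 'mallory' },
  body: {},
};

console.log('vulnerable:', withdrawVulnerable(forgedImgRequest)); // status 200, money gone
console.log('hardened:  ', withdrawHardened(forgedImgRequest));   // status 405
```

The Origin check alone would already stop a forged form auto-submitted from Mallory's page; the token check also covers clients that omit Origin. Independently of the server-side checks, the bank should issue its session cookie with SameSite=Lax (or Strict) so that the browser does not attach it to cross-site subresource requests such as the image load in the first place.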

 

 

Drawbacks of cookies

  1. Cookies are attached to every HTTP request, so they silently add traffic.
  2. Cookies travel in plaintext inside HTTP requests, which is a security problem unless HTTPS is used.
  3. A cookie is limited to about 4 KB, which is not enough for complex storage needs.[3]
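An added example (not from the page's sources) that turns the second and third points into a check on the server side: a small Set-Cookie builder that validates the name and value against the RFC 6265 grammar, refuses a cookie that would exceed the 4096-byte size browsers commonly cap a single cookie at, and applies Secure and HttpOnly by default so the cookie neither rides on plaintext HTTP nor is readable from script. Treating 4096 bytes as a hard maximum is this example's policy, not a browser guarantee, and the attribute defaults are an assumption about what a sensible application wants.

```javascript
// Added example, not from the original page: build a Set-Cookie header value
// while enforcing size and attribute policy. Size and defaults are assumptions.

const MAX_COOKIE_BYTES = 4096; // common per-cookie cap; RFC 6265 asks for at least this

// RFC 6265: the name is an HTTP token; the value may not contain control characters,
// whitespace, double quotes, commas, semicolons or backslashes.
const VALID_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const VALID_VALUE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;

// opts: { path, domain, maxAge, sameSite: 'Strict'|'Lax'|'None', secure, httpOnly }
// secure and httpOnly default to true; pass false explicitly to opt out.
function buildSetCookie(name, value, opts = {}) {
  if (!VALID_NAME.test(name)) throw new Error('invalid cookie name');
  if (!VALID_VALUE.test(value)) throw new Error('invalid cookie value: encode it first');

  const parts = [`${name}=${value}`];
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${Math.floor(opts.maxAge)}`);

  const sameSite = opts.sameSite || 'Lax';
  if (!['Strict', 'Lax', 'None'].includes(sameSite)) throw new Error('invalid SameSite value');

  // Secure keeps the cookie off plaintext HTTP (drawback 2). Browsers also reject
  // SameSite=None unless Secure is present, so that combination is an error here.
  const secure = opts.secure !== false;
  if (sameSite === 'None' && !secure) throw new Error('SameSite=None requires Secure');
  if (secure) parts.push('Secure');

  // HttpOnly keeps the value away from document.cookie, limiting what XSS can steal.
  if (opts.httpOnly !== false) parts.push('HttpOnly');
  parts.push(`SameSite=${sameSite}`);

  const header = parts.join('; ');
  // Name and value are validated ASCII, so string length equals byte length.
  if (header.length > MAX_COOKIE_BYTES) {
    throw new Error(`cookie header is ${header.length} bytes; limit is ${MAX_COOKIE_BYTES}`);
  }
  return header;
}

console.log(buildSetCookie('session', 'bob-session-id'));
// session=bob-session-id; Path=/; Secure; HttpOnly; SameSite=Lax
```

Values that need spaces, commas or non-ASCII characters must be encoded (for example with encodeURIComponent or base64) before they are passed in; the builder rejects them rather than emitting a header the browser would truncate or drop.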

Using cookies

Users can change their browser settings to control whether cookies are used. Some browsers also ship with, or accept as add-ons, developer tools that let the user view, modify or delete a specific site's cookies.

Identification

If several browsers are installed on one computer, each stores its cookies in a separate space. Because a cookie can identify not only the user but also carry information about the computer and browser, the same user logging in from a different browser or a different computer receives different cookies. Conversely, several people sharing the same browser on the same computer are not distinguished by cookies unless they log in with different usernames.

 

https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Cookies

The EU Cookie Directive

The EU addressed cookies in Directive 2009/136/EC, which took effect on 25 May 2011. A directive is not itself a law, but it requires each member state to pass national legislation that meets its requirements, so the actual laws differ from country to country.

The gist of the directive: a website may not store or retrieve any information on a computer, phone or other device before obtaining the user's consent. Since then many sites have added notices explaining what their cookies are used for.

Wikipedia has the latest and more precise information on each country's law.

Zombie cookies and cookies that cannot be deleted

An extreme use of cookies is the zombie cookie (or "undeletable cookie"), which is hard to remove and recreates itself after being deleted, typically by using the Web Storage API, Flash local shared objects or other techniques. For details see:

 

posted @ 2016-08-10 21:19  papering  views (405)  comments (0)