I'm using a caching server to cache different instances of some pages. All the pages have two instances (they have a version for the HTML when logged in and another when logged out).
What I am trying to achieve is the following: I want to make a request to the server based on some credentials (username and password, for example) for validation only once, and then somehow store some data in a cookie that would spare me from accessing the server again.
So after the cookie creation when a user tries to access a different page within the site he should receive the logged in version of the page.
The only problem is that I can't see how this could be a safe approach. This wouldn't stop anyone from passing the server validation by just copying on another computer the same cookie.
Can I make a cookie valid only on the PC it was created on?
Are there other alternatives that would make only one request to the server?
The only safe approach is to have the server control access and validation. For every client-side approach, there's a hack that someone can use to exploit it.
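
An added example (not part of the original question or answer) of the server-side validation the answer calls for: the password is checked once, the server issues an HMAC-signed cookie with an expiry, and every later request is validated on the server against that signature. The key, `MAX_AGE` and the function names are assumptions for illustration; a copied cookie still validates, so the signature stops forgery and tampering, not reuse from another machine.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo key; a real server loads a random secret that never leaves it.
SERVER_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 900  # seconds a cookie stays valid (assumed value)


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()


def issue_cookie(username: str, now: Optional[float] = None) -> str:
    """Called once, after the server has verified the username and password."""
    issued = int(time.time() if now is None else now)
    payload = f"{username}|{issued}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()


def validate_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Server-side check on every request; returns the username or None."""
    now = time.time() if now is None else now
    try:
        b64, sig = cookie.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(b64.encode())
        # Verify the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig.encode(), _sign(payload)):
            return None
        username, issued_text = payload.decode().rsplit("|", 1)
        issued = int(issued_text)
    except ValueError:  # malformed base64, missing separator, bad UTF-8 or integer
        return None
    if not 0 <= now - issued <= MAX_AGE:
        return None  # expired, or issued in the future
    return username
```

Because the cookie is a bearer value, limiting its exposure (the `Secure` and `HttpOnly` cookie attributes, a short `MAX_AGE`) is what narrows the copy-to-another-computer risk the question raises.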