开发者

Validate page request only client side

开发者 https://www.devze.com 2023-01-07 22:16 出处:网络
I\'m using a caching server to cache different instances of some pages. All the pages have two instances.(they have a version for the html when logged in and another when logged out).

I'm using a caching server to cache different instances of some pages. All the pages have two instances.(they have a version for the html when logged in and another when logged out).

What I am trying to achieve is the following: I want to make a request to the server based on som开发者_如何学编程e credentials(username password for example) for validation only once and then store somehow in a cookie some data that would spare me from accessing the server again.

So after the cookie creation when a user tries to access a different page within the site he should receive the logged in version of the page.

The only problem is that I can't see how this could be a safe approach. This wouldn't stop anyone from passing the server validation by just copying on another computer the same cookie.

Can I make a cookie valid only on the PC it was created on ?

Are there other alternatives that would make only one request to the server ?


The only safe approach is to have the server control access and validation. For every client-side approach, there's a hack that someone can use to exploit it.

0

精彩评论

暂无评论...
验证码 换一张
取 消