处理Cookie的最佳方法
[英]Best way To handle a Cookie
问题描述
i am newbie at developing web Application and like to learn best practices i want to know what is the best practise to handle the cookie data should one use JavaScript or PHP to handle a cookie data? 
我是开发Web应用程序的新手,并且喜欢学习最佳实践,我想知道处理Cookie数据的最佳实践是什么,应该使用JavaScript或PHP来处理Cookie数据吗?
1.Do you use javascript to get cookie and than pass it to PHP to do all the filtering ? 1.您是否使用javascript获取cookie,然后将其传递给PHP进行所有过滤?
2.Do you use PHP to do all of the stuff? 2.您是否使用PHP完成所有工作?
3.Which one of the above will improve performance or is there another way? 3.以上哪一项可以提高性能,还是还有另一种方法?
3 个解决方案
解决方案1
2 已采纳 2014-04-24 07:31:58
should one use JavaScript or PHP to handle a cookie data?
To make this a little more general, let's call this "Client side" (which is almost exclusively JavaScript) and "Server side" (which can be PHP, JavaScript or any other language) code. 为了使它更加通用,让我们将此代码称为“客户端”(几乎完全是JavaScript)和“服务器端”(可以是PHP,JavaScript或任何其他语言)代码。
The short answer is that: It depends what you are doing with the cookie data. 简短的答案是:这取决于您对Cookie数据的处理方式。
Most of the time, dealing with cookies server side is simpler. 在大多数情况下,处理Cookie服务器端更为简单。
Sometimes, the information in the cookie needs to be secure, and you don't need to access it from client side code, so you'll set an http only flag on it so that if you suffer an XSS attack the damage is limited. 有时,cookie中的信息需要安全,并且您不需要从客户端代码访问它,因此您将在其上设置一个仅http标志 ,这样,如果遭受XSS攻击,则损失是有限的。
Sometimes you will want to avoid making a server round trip (to take a trivial example: You allow the user to pick different stylesheets for your website. You don't want to reload the entire page when their change their preference. You use client side code to change the stylesheet currently loaded, and client side code to store that preference in a cookie. In the future, when other pages are loaded, you can use server side code to set a different <link> element.) 有时,您可能希望避免服务器往返(举个简单的例子:您允许用户为您的网站选择不同的样式表。您不想在更改他们的首选项时重新加载整个页面。您使用客户端代码来更改当前加载的样式表,并在客户端代码中将该首选项存储在cookie中。将来,在加载其他页面时,您可以使用服务器端代码设置其他<link>元素。)
Do you use javascript to get cookie and than pass it to PHP to do all the filtering ?
You might use client side code to set a cookie value, and then use server side code to read it. 您可能使用客户端代码来设置cookie值,然后使用服务器端代码来读取它。 There is no point in using JavaScript to read it and then using some non-cookie based mechanism to send it to server side code. 使用JavaScript读取它,然后使用一些基于非cookie的机制将其发送到服务器端代码毫无意义。 That just makes things complicated and more likely to go wrong. 这只会使事情变得复杂,并且更有可能出错。
Do you use PHP to do all of the stuff?
Only if all the stuff is better done with PHP 只有使用PHP可以更好地完成所有工作
Which one of the above will improve performance or is there another way?
As is normal with questions of client side code vs server side code: If you aren't loading a new page anyway, then using client side code is usually faster. 与客户端代码和服务器端代码的问题一样,这是正常的:如果仍然不加载新页面,则使用客户端代码通常会更快。
解决方案2
1 2014-04-24 07:19:10
It depends on the type of application. 这取决于应用程序的类型。
If your application is full request based with PHP as backend, then use can PHP tot extract cookies. 如果您的应用程序是完全请求的,并且以PHP为后端,则可以使用PHP提取Cookie。
check this link http://www.w3schools.com/php/php_cookies.asp 检查此链接http://www.w3schools.com/php/php_cookies.asp
Or, if you application follows REST architecture or you want send data to the backend using Ajax. 或者,如果您的应用程序遵循REST体系结构,或者您想使用Ajax将数据发送到后端。 Then use javascript/Jquery to get cookie value and send it to the backend server that is PHP or in any other language. 然后使用javascript / Jquery获取cookie值,并将其发送到PHP或任何其他语言的后端服务器。
Check this link to know, how to access cookies using jquey.cookie.js plugin: https://github.com/carhartl/jquery-cookie 检查此链接以了解如何使用jquey.cookie.js插件访问cookie: https : //github.com/carhartl/jquery-cookie
解决方案3
1 2014-04-24 07:19:57
In handling cookies, it does not really matter whether you use javascript or PHP, it just depends on when it is more beneficial to access/manipulate them. 在处理Cookie时,使用JavaScript还是PHP并不重要,它仅取决于何时访问/操作它们更有利。 Server-side stuff always seems more secure, but cookies are always accessible, client or server-side, so it doesn't really matter. 服务器端的东西似乎总是更安全,但是cookie始终是可访问的,无论是客户端还是服务器端,因此并不重要。 You can create a cookie in PHP like this: 您可以像这样在PHP中创建Cookie:
setcookie($cookieName, $cookieValue, time() + 3600);
That sets a cookie for an hour, you can then access it through the $_COOKIE superglobal array with array notation, for example 这将设置一个小时的cookie,然后您可以通过带有数组符号的$ _COOKIE超全局数组访问它,例如
$var = $_COOKIE[$cookieName];
However, keep in mind that this won't work if cookies aren't enabled in the browser, such as when someone uses incognito mode. 但是,请记住,如果未在浏览器中启用Cookie,例如当某人使用隐身模式时,此功能将无效。
In javascript, you can set cookies like this: 在javascript中,您可以这样设置cookie:
document.cookie="cookiename=cookievalue";
However, cookies in javascript are all concatenated as one big string in document.cookie , so the way to break them up into a normal array is with the split function, for example: 但是,javascript中的cookie都在document.cookie被连接为一个大字符串,因此将它们分解为普通数组的方法是使用split函数,例如:
var arr = [];
function getCookieArray() {
var value = "; " + document.cookie;
var parts = value.split("; " + name + "=");
if (parts.length == 2) return parts.pop().split(";").shift();
}
You can find more about that here http://www.w3schools.com/js/js_cookies.asp So, remember, that cookies are not for storing sensitive data. 您可以在http://www.w3schools.com/js/js_cookies.asp上找到有关此内容的更多信息。请记住,Cookie不是用于存储敏感数据的。 They're often used to store preferences, but never anything that people shouldn't be able to have access to. 它们通常用于存储首选项,但绝不会存储人们不应该访问的任何内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.