在JavaScript中解码原始的URL编码的cookie
[英]Decoding raw URL-encoded cookie in JavaScript
问题描述
I generate session cookies in PHP using 
我使用以下方法在PHP中生成会话Cookie
$cookie = random_bytes(64);
then set the value of this variable as a cookie: 然后将此变量的值设置为cookie:
setcookie('access', $cookie, time()+31536000, '/', false);
When I look for the desired value using 当我使用寻找所需的值时
function getAccessToken(){
var n = document.cookie.match(/access=([^;]+)(?:$|;)/i);
if (n && n.length)
return n[1];
}
on the client side, I get 在客户端,我得到了
"%1D%D8%E1%3F%7E%3E%D7b%A5%04%3Bl%3A%ADB%DF%DAg%E5%1DH%0A%21%5E%15%D9%2Be8k%3A%E2%AF%CE7%F2%BF%5B%CB%14%95%CEO%28%60p%DF%FBeY%95%3C%86%B99U%B7%F1p%E0%AC%2B%C5%2F"
This value is being sent to a Node.js websocket server to authenticate the user, but since the value is already wrong at the client side, the connection fails. 该值被发送到Node.js Websocket服务器以验证用户身份,但是由于该值在客户端已经错误,因此连接失败。 When PHP receives this cookie, it is automatically decoded, and $_COOKIE['access'] correctly contains 当PHP接收到该cookie时,它将被自动解码,并且$_COOKIE['access']正确包含
?~> b ;l: B g H
!^ +e8k: 7 [ O(`p eY < 9U p + /
Everywhere I looked I was told to use decodeURI / decodeURIComponent and escape , but the first throws URIError: URI malformed and the second doesn't help me the slightest. 在我到过的所有地方,我都被告知要使用decodeURI / decodeURIComponent并进行escape ,但是第一个抛出URIError: URI malformed ,第二个没有丝毫帮助我。
How can I turn this raw URL-encoded string into a string of actual characters/bytes on either the client OR Node.js (doesn't matter which side does the decoding)? 如何将原始URL编码的字符串转换为客户端或Node.js上的实际字符/字节的字符串(与解码的哪一侧无关)?
2 个解决方案
解决方案1
1 已采纳
Based on @BlackBurn027 's comment , all I did was add an extra bin2hex step before setting the cookie value: 基于@ BlackBurn027的注释 ,我所做的就是在设置cookie值之前添加了一个额外的bin2hex步骤:
$cookie = bin2hex(random_bytes(64));
This produces a string that both languages can easily understand without issues. 这样会产生一个字符串,两种语言都可以轻松理解而不会出现问题。
解决方案2
-1 2016-06-18 10:25:55
The problem is that you are randomly generating bytes, so if you try to "decode" them, there will be not ASCII characters, so you will see that "?" 问题在于您是随机生成字节,因此如果尝试“解码”它们,则不会有ASCII字符,因此您会看到“?” sign and more random letters like other languages letters (japanese, russian for example)... 符号和更多随机字母,例如其他语言字母(例如日语,俄语)...
The best way is to create a function that you for sure know that will return AZ, az, 0-9 and special characters like "!?=$#" or any you allow. 最好的方法是创建一个您肯定知道的函数,该函数将返回AZ,az,0-9和特殊字符,例如“!?= $#”或任何您允许的字符。
So, what I usually do is to get the phpsession id and do MD5 on it, then get a random part of the MD5 (never entire string) and do other MD5, then sum anything, current year + month + date, or any random number o whatever you want. 因此,我通常要做的是获取phpsession id并对其执行MD5,然后随机获得MD5的一部分(从不输入整个字符串),再进行其他MD5,然后将总和,当前年+月+日期或任何随机数相加无论你想要什么。 Then other MD5... Do you get it ? 然后其他MD5 ...明白了吗?
Tell me if this answered your question ! 告诉我这是否回答了您的问题!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.