问题描述
如何编码Java Cookie对象的实际值?我不能传递'='之类的字符或US-ASCII之外的任何字符。
How should you encode the actual value for a Java Cookie object? I cannot pass characters like '=' or any character outside US-ASCII.
/ br joynes
/Br joynes
推荐答案
注意事项:
这听起来像你要存储cookie中的任意设置。这通常不是一个好主意,因为cookie(像所有客户端输入一样)是不可信的。考虑将数据服务器端存储在某个生成的(随机!)标识符下,并将其放入cookie中。这样人们就无法规避访问限制或通过操纵cookie将任意数据注入您的系统。
This sounds like you want to store arbitrary settings in a cookie. This is generally not a good idea, because cookies (like all client input) are untrusted. Consider storing the data server-side under some generated (random!) identifier, and putting that into the cookie. That way people cannot circumvent access restrictions or inject arbitrary data into your system through manipulated cookies.
如果您不能使用此方法,请将cookie值视为不可信输入并将其验证为通常。
If you cannot use this approach, treat cookie values as untrusted input and verify it as usual.
修改:
Base64不合适,因为它使用 =,哪些Java cookie不支持。而是使用
Base64 is not appropriate, as it uses "=", which Java cookies do not support. Rather use
java.net.URLEncoder.encode
仅使用适合cookie的字符。
which only uses characters appropriate for cookies.
这篇关于编码java Cookie值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!