Problem description
I am making a session system for a Happstack server and I use MongoDB for persistent storage. I was wondering if the MongoDB ObjectIDs are safe for use as session IDs.
Recommended answer
Generally speaking, MongoDB ObjectIDs are globally unique, and therefore safe if collisions are your concern.
However, if you're talking about a session ID, the question really depends on if you are encrypting it client side and how. Typically the answers to those questions should be yes and as an encrypted cookie value opaque to the client. Usually any web server you are using will have utilities to help with this.
Again, if you are just trying to make sure you have a unique id, and want to use the object ID as a source, you're good.
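The distinction above between a unique ID and a cookie value that is opaque to the client, as an added example that is not part of the original answer and is written in Python rather than Happstack code. It decodes the standard 12-byte ObjectID layout to show which fields a client could read, then swaps in a different technique from the encryption the answer mentions: the ObjectID stays server-side as the record key and the cookie carries a random token. `SessionStore` and the two sample ObjectIDs are constructed for illustration.

```python
import hashlib
import secrets
import struct
from datetime import datetime, timezone

# Constructed sample values: two ObjectIDs as one process would create them
# back to back (same second, same per-process bytes, counter + 1).
SAMPLE_A = "65a0c8f0a1b2c3d4e500002a"
SAMPLE_B = "65a0c8f0a1b2c3d4e500002b"


def objectid_fields(oid_hex):
    """Split an ObjectID into timestamp, per-process bytes and counter."""
    raw = bytes.fromhex(oid_hex)
    if len(raw) != 12:
        raise ValueError("ObjectID must be 12 bytes (24 hex characters)")
    (seconds,) = struct.unpack(">I", raw[:4])        # big-endian Unix time
    return {
        "created": datetime.fromtimestamp(seconds, tz=timezone.utc),
        "process_bytes": raw[4:9].hex(),             # fixed for one process
        "counter": int.from_bytes(raw[9:], "big"),   # increments per ID
    }


class SessionStore:
    """Hypothetical in-memory stand-in for the sessions collection."""

    def __init__(self):
        self._oid_by_token_hash = {}

    def issue(self, oid_hex):
        """Return an opaque cookie value for the session record oid_hex."""
        token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._oid_by_token_hash[digest] = oid_hex    # store only the hash
        return token

    def lookup(self, token):
        """Map a presented cookie value back to its ObjectID, or None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        return self._oid_by_token_hash.get(digest)


if __name__ == "__main__":
    for oid in (SAMPLE_A, SAMPLE_B):
        print(oid, objectid_fields(oid))
    store = SessionStore()
    cookie = store.issue(SAMPLE_A)
    print("cookie value:", cookie, "->", store.lookup(cookie))
```

The two decoded samples differ only in the counter, which is what makes ObjectIDs good unique keys and poor secrets; the cookie value shares nothing with them.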