phpcookie防伪造,技术分享：Cookie防伪造防修改

原标题&＃xff1a;技术分享&＃xff1a;COOKIE 防伪造 防修改

主要防止非法用户修改COOKIE信息&＃xff0c;以及COOKIE的超时时间

传统COOKIE存储&＃xff0c;COOKIE(name, value)&＃xff0c;value很容易就被篡改。

防修改COOKIE存储&＃xff0c;COOKIE(name, value&＃43;“”&＃43; signToken&＃43;“”&＃43;saveTime&＃43;“”&＃43;maxTime)

signToken &＃xff1a;签名密钥 由md5(value&＃43;saveTime&＃43;maxTime&＃43;”自定义密钥“)生成

saveTime&＃xff1a;COOKIE创建时间

maxTime&＃xff1a;COOKIE超时时间

设置COOKIE

public static void put(HttpServletResponse response, String key, String value, int maxTime) {

String pwdKey &＃61; white_yu; //自定义密钥

String saveTime &＃61; System.currentTimeMillis() &＃43; ;

String signToken &＃61; md5(pwdKey, saveTime, maxTime &＃43; , value);

String COOKIEValue &＃61; signToken &＃43; &＃43; saveTime &＃43; &＃43; maxTime

&＃43; &＃43; value;

COOKIE COOKIE &＃61; new COOKIE(key,COOKIEValue);

COOKIE.setMaxAge(maxTime);

response.addCOOKIE(COOKIE);

}

获取COOKIE

public static String getCOOKIE(String COOKIEValue) {

String pwdKey &＃61; white_yu; //自定义密钥

if (StringUtils.isNotBlank(COOKIEValue)) {

String COOKIEStrings[] &＃61; COOKIEValue.split();

if (null !&＃61; COOKIEStrings 4 &＃61;&＃61; COOKIEStrings.length) {

String signToken &＃61; COOKIEStrings[0];

String saveTime &＃61; COOKIEStrings[1];

String maxTime &＃61; COOKIEStrings[2];

String value &＃61; COOKIEStrings[3];

String sign &＃61; md5(pwdKey, saveTime, maxTime, value);

// 保证 COOKIE 不被人为修改

if (sign.equals(signToken)) {

long stime &＃61; Long.parseLong(saveTime);

long maxtime &＃61; Long.parseLong(maxTime) * 1000;

// 查看是否过时

if ((stime &＃43; maxtime) - System.currentTimeMillis() 0) {

return value;

}

}

}

}

return null;

责任编辑&＃xff1a;