编码 java Cookie 值
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1531740/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Encoding java Cookie value
提问by joynes
How should you encode the actual value for a Java Cookie object? I cannot pass characters like '=' or any character outside US-ASCII.
您应该如何编码 Java Cookie 对象的实际值?我不能传递像“=”这样的字符或 US-ASCII 之外的任何字符。
/Br joynes
/Br 乔恩斯
回答by sleske
It does not really matter how, but usually Base64should work well.
怎么做并不重要,但通常Base64应该可以很好地工作。
A cautionary note:
注意事项:
This sounds like you want to store arbitrary settings in a cookie. This is generally not a good idea, because cookies (like all client input) are untrusted. Consider storing the data server-side under some generated (random!) identifier, and putting that into the cookie. That way people cannot circumvent access restrictions or inject arbitrary data into your system through manipulated cookies.
这听起来像是您想在 cookie 中存储任意设置。这通常不是一个好主意,因为 cookie(就像所有客户端输入一样)是不受信任的。考虑将数据服务器端存储在一些生成的(随机!)标识符下,并将其放入 cookie。这样人们就无法绕过访问限制或通过操纵 cookie 将任意数据注入您的系统。
If you cannot use this approach, treat cookie values as untrusted input and verify it as usual.
如果您不能使用此方法,请将 cookie 值视为不受信任的输入并照常验证。
Edit:
编辑:
Base64 is not appropriate, as it uses "=", which Java cookies do not support. Rather use
Base64 不合适,因为它使用了 Java cookie 不支持的“=”。而是使用
java.net.URLEncoder.encode
which only uses characters appropriate for cookies.
只使用适合 cookie 的字符。
回答by ZZ Coder
Use hex or URL-safe version of Base64 to encode it if you have unsafe chars. Regular Base64 can't be used as cookie values. Older Tomcat used to allow illegal chars in it like "=" but newer versions start to enforce the cookie rules now.
如果您有不安全的字符,请使用 Base64 的十六进制或 URL 安全版本对其进行编码。常规 Base64 不能用作 cookie 值。较旧的 Tomcat 过去允许在其中包含非法字符,例如“=”,但较新的版本现在开始强制执行 cookie 规则。
回答by Guy Marom
I ended up using Base64 encoding without the padding. This means that trailing equal signs are omitted, so the problem is solved.
我最终使用了没有填充的 Base64 编码。这意味着省略了尾随等号,因此问题解决了。
To create a padding-free Base64 encoder java.util.Base64.getEncoder().withoutPadding()
创建无填充 Base64 编码器 java.util.Base64.getEncoder().withoutPadding()
To create a padding-free Base64 decoder java.util.Base64.getDecoder()
创建无填充的 Base64 解码器 java.util.Base64.getDecoder()
回答by Zhenya
as i understand you need something like this String name="Женя";Cookie cookie=new Cookie("name",new String(name.getBytes("cp1251"),"utf8"));response.addCookie(cookie);
据我所知,你需要这样的东西 String name="Женя";Cookie cookie=new Cookie("name",new String(name.getBytes("cp1251"),"utf8"));response.addCookie(cookie);
回答by diyism
my php cookie value encode function:
我的 php cookie 值编码功能:
<?
function encode_cookie_value($value)
{return strtr($value,
array_combine(str_split($tmp=",; \t\r\n34"),
array_map('rawurlencode', str_split($tmp))
)
);
}
setrawcookie('kk', encode_cookie_value('jk=jk?jk-/":jk;jk jk,jk'));
?>
