secure transmission of the credentials

最新推荐文章于 2025-05-30 11:05:30 发布

转载最新推荐文章于 2025-05-30 11:05:30 发布 · 321 阅读

文章标签：

#credentials #authentication #server #login #user #session

IPhone 专栏收录该内容

9 篇文章

订阅专栏

本文讨论了通过HTTPS进行凭证安全传输的方法，介绍了使用cookie进行用户验证的过程。文中提到cookie的有效期，并建议在cookie过期时重新登录获取新cookie。此外，还探讨了设备上存储用户凭据的风险，推荐仅存储密码的哈希值。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

原文

The easiest way for secure transmission of the credentials is to use Https. On successful authentication you'll receive a "cookie" that you can store locally in the user defaults. That cookie will typically expire. So, on subsequent logins, you can check that the cookie hasn't expired, and continue to use it for your server communication.

If the cookie does expire, then you prompt the user to login again, thereby receiving a new cookie from the server.

Storing any user credentials on the device is a big no no. The only way you can do it is to store a hash of the password. You would still need to check a hash of the entered password with the stored hash to check they are equal. It doesn't really give you anything other than a local - no server required - authentication.

Of course don't forget that without having to login again, the app will be vulnerable. Someone else could use the app and the owner's server session would still be active.