4

What is the ideal size of the express.session secret?

2 Answers

2

HILARUDEEN S ALLAUDEEN's answer is wrong

It doesn't matter how big the secret is; it has no effect on the size of the cookie

You can check it here: https://npm.runkit.com/cookie-signature

var cookie = require("cookie-signature")

cookie.sign('hello', 'tobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscooltobiiscool')

The result has the same length


For sha256 the answer is 256

express-session uses https://www.npmjs.com/package/cookie-signature

The sign function is here

https://github.com/tj/node-cookie-signature/blob/025a9f3eaa65f589c766b00bf64763581fa49776/index.js#L16-L24

Some recommend 32 bytes, some recommend 64

Let's use 256 to be safe

answered 2020-11-05T17:48:12.930
1

Standard Size Of Cookie:

In general, a cookie is a token which is sent by the HTTP client (maybe a browser) as part of a request. Since HTTP is a stateless protocol, the cookie is the only way to tell the server who the actual client is. Take the browser: a browser has certain limitations on storing cookies; if you want, go through What is the maximum size of a cookie, and how many can be stored in a browser for each web site?

Since the cookie is part of each request, storing a bigger token/value/string in the cookie will take a large amount of bandwidth. So it is definitely not recommended to store large data.

Sencha's Connect:

The Express framework internally depends on the connect framework to manage session, cookie and . You can identify this from https://github.com/visionmedia/express/blob/master/package.json. You can go through the dependencies key in the JSON.

Connect's Role on Session/Cookie Management:

In cookie generation, the secret "string" plays a key role in avoiding cookie tampering. Internally, the program will generate an encoded string and append it as part of the cookie. To say it clearly, you see the cookie with the name "connect.sid" (this is the default one, however you can override the name) in the browser. And you can read it in the browser itself by using any of the developer add-ons.

The value stored against "connect.sid" contains two parts. The first one is the "Session ID" and the second one is the "Signature". It looks as follows,

<session id encoded> . <signature>

The code part generating this cookie format is as follows,

function session(options){
  ...
  ...

  return function session(req, res, next) {
    ...
    ...

    // set-cookie
    res.on('header', function(){
      ...
      ...

      /*******************************************************/
      /*********** Cookie Generating Code ********************/

      var val = 's:' + signature.sign(req.sessionID, secret);
      val = cookie.serialize(key, val);
      debug('set-cookie %s', val);
      res.setHeader('Set-Cookie', val);
      /*********** Cookie Generating Code *******************/

    });
    ...
    ...
  };
}

Signature Generation:

Connect calls the sign() function, which is implemented in the "cookie-signature" module. You can easily see how the sign() function works from the example on this page https://npmjs.org/package/cookie-signature and you can get deeper insight from this https://github.com/visionmedia/node-cookie-signature/blob/master/index.js

Conclusion:

Finally, the "secret" string in express is going to be part of the cookie as a signature. So you can use any length of "secret" string, unless it (session ID and signature) exceeds the standard size supported by browsers.

answered 2013-11-02T10:00:05.423
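The "<value>.<signature>" format and the fixed-length claim discussed in both answers can be checked with Node's built-in crypto module. This is an added example, not code from either answer or from the cookie-signature project; `signValue`, `unsignValue` and `demo` are hypothetical names, and HMAC-SHA256 with unpadded base64 output is an assumption about the encoding.

```javascript
// Added example: sign/verify helpers for a "<value>.<signature>" cookie value.
const crypto = require("crypto");

// HMAC-SHA256 over the value. The MAC is always 32 bytes whatever the key
// length (HMAC hashes keys longer than the 64-byte block size first), so
// the base64 signature is always 43 characters once padding is stripped.
function signValue(value, secret) {
  const mac = crypto.createHmac("sha256", secret).update(value).digest("base64");
  return value + "." + mac.replace(/=+$/, "");
}

// Returns the original value if the signature verifies, otherwise false.
function unsignValue(signed, secret) {
  const idx = signed.lastIndexOf(".");
  if (idx === -1) return false;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(signValue(value, secret));
  const actual = Buffer.from(signed);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (expected.length !== actual.length) return false;
  return crypto.timingSafeEqual(expected, actual) ? value : false;
}

// Constructed sample inputs (not real session data).
const sessionId = "hello";
const shortSecret = "tobiiscool";
const longSecret = "tobiiscool".repeat(30);
const randomSecret = crypto.randomBytes(32).toString("hex"); // 32 random bytes

function demo() {
  const a = signValue(sessionId, shortSecret);
  const b = signValue(sessionId, longSecret);
  const c = signValue(sessionId, randomSecret);
  // Change the value but keep the old signature: verification must fail.
  const tampered = "hellp" + a.slice(a.indexOf("."));
  return {
    lengths: [a.length, b.length, c.length],
    sameSignature: a === b,
    roundTrip: unsignValue(c, randomSecret),
    tamperedResult: unsignValue(tampered, shortSecret),
    wrongSecretResult: unsignValue(a, longSecret),
  };
}

console.log(demo());
```

The secret length changes which signature is produced, not how long it is; what the secret's length and randomness affect is how hard the key is to guess.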