let express = require("express")
let cookieParser = require("cookie-parser")
let app = express()
app.use(cookieParser("aaa", {
httpOnly : true,
maxAge : 1000*60
}))
app.get('/', function(req, res){
res.cookie("name", "wenye") //这样子设置的cookie并没有加密啊
res.end()
})
let server = app.listen(4000, function(){
let host = server.address().address;
let port = server.address().port;
console.log("运行在localhost:4000" , host, port);
})
如上所示,cookie并没有加密啊 ------------------------------------分割线----------------------------------分割线------------------------------------------------分割线------------------------------------------------------- 如果你是这样写
let express = require("express")
let cookieParser = require("cookie-parser")
let app = express()
app.use(cookieParser("aaa"))
app.get('/', function(req, res){
res.cookie("name", "wenye", {
signed : true //加上这个属性确实是加密了,但是值依然可以看得出来..
})
res.end()
})
let server = app.listen(4000, function(){
let host = server.address().address;
let port = server.address().port;
console.log("运行在localhost:4000" , host, port);
})
大家仔细看那个值,其实cookie的值还是可以很明显的看得出来的。。那这样子岂不是和没有加密一样了。。