Frequently Asked Questions in Interviews (2)

1. Can the token be placed in a cookie?

When asked this question, think about security first. The usual answer is no, because of CSRF (cross-site request forgery): the browser attaches the cookie to every request it sends to that site, including requests triggered from a page the attacker controls, so the attacker can make the victim's browser issue a state-changing request that carries the victim's token without ever reading the cookie. CSRF can be mitigated by same-origin detection on the server (checking the Origin header, with Referer as a fallback), or by setting the cookie's SameSite attribute to Strict (or Lax, which still allows top-level navigations) so the browser stops attaching it to cross-site requests; a cookie marked HttpOnly also cannot be read by page script, which is the cookie's answer to XSS. Even so, the expected answer is that it is best not to put the token in a cookie.
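As an added example of the mitigations just listed (this is illustrative code, not code from the original post), here is a Node.js-style server-side check: the session cookie is issued with HttpOnly, Secure and SameSite=Strict, and state-changing requests go through a same-origin check that reads the Origin header, falls back to Referer, and rejects requests carrying neither. The allowed origin `https://app.example.com`, the token values and the request headers are all constructed for the example.

```javascript
// Added example, not from the original post: server-side handling of a session
// token kept in a cookie. The allowed origin, tokens and request headers are constructed.

const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // assumed application origin

// Only state-changing methods get the same-origin check; GET/HEAD must not change state anyway.
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// scheme://host[:port] of a URL, or null when it does not parse.
function originOf(url) {
  try {
    return new URL(url).origin;
  } catch (_err) {
    return null;
  }
}

// Same-origin detection. Header names are lower-case, as Node's http module delivers them.
// Origin is checked first (browsers send it on cross-site POSTs and script cannot forge it);
// Referer is the fallback for clients that omit Origin; a request with neither is rejected,
// because without them a CSRF request cannot be told apart from a legitimate one.
function isTrustedRequest(method, headers) {
  if (!UNSAFE_METHODS.has(method.toUpperCase())) return true;
  const origin = headers["origin"];
  if (origin !== undefined) return ALLOWED_ORIGINS.has(origin); // an opaque "null" origin fails here too
  const referer = headers["referer"];
  if (referer !== undefined) {
    const refOrigin = originOf(referer);
    return refOrigin !== null && ALLOWED_ORIGINS.has(refOrigin);
  }
  return false;
}

// Set-Cookie value for the session token. HttpOnly hides it from page script (XSS),
// Secure limits it to HTTPS, SameSite=Strict stops the browser attaching it to
// cross-site requests (CSRF), Max-Age bounds its lifetime.
function sessionCookieHeader(token, maxAgeSeconds) {
  if (!/^[A-Za-z0-9_-]+$/.test(token)) throw new Error("token must be cookie-safe");
  return `session=${token}; Path=/; Max-Age=${maxAgeSeconds}; HttpOnly; Secure; SameSite=Strict`;
}

// Decide a request: the origin check runs before the session cookie is even looked at.
function handle(method, headers) {
  if (!isTrustedRequest(method, headers)) return { status: 403, reason: "cross-site request rejected" };
  const cookie = headers["cookie"];
  if (!cookie || !/(^|;\s*)session=/.test(cookie)) return { status: 401, reason: "no session" };
  return { status: 200, reason: "ok" };
}

// Constructed requests: the same session cookie rides along in every one of them,
// which is exactly why the origin check (or SameSite) is needed.
const cases = {
  legitimate: handle("POST", { origin: "https://app.example.com", cookie: "session=abc123" }),
  forgedFromAttackerSite: handle("POST", { origin: "https://evil.example", cookie: "session=abc123" }),
  noOriginButReferer: handle("POST", { referer: "https://app.example.com/settings", cookie: "session=abc123" }),
  noOriginNoReferer: handle("POST", { cookie: "session=abc123" }),
};
console.log(cases);
console.log(sessionCookieHeader("abc123", 3600));
```

The check fails closed: a POST with no Origin and no Referer is rejected rather than trusted, and an opaque `Origin: null` (sent for sandboxed frames and some redirects) is rejected because it is not in the allow-list.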

(One comment: 1. You said that you chose localStorage because cookies have security issues and can be attacked by XSS, and later you said that localStorage will also be attacked by XSS. In fact, localStorage is vulnerable to cross-site scripting (XSS), and cookies are vulnerable to cross-site request forgery (CSRF). 2. You said that you chose localStorage because the data in localStorage will not be automatically sent to the server and can be encrypted. Doesn't it carry the token anyway? A cookie can set the SameSite attribute and the Secure attribute, which control whether the cookie is automatically sent to the server with each request and whether it is only sent over an HTTPS connection, and the data stored in a cookie can also be encrypted.)

2. Talk about your approach to encapsulating components

Consider the flexibility, ease of use, and reusability of the component. A common approach is to encapsulate at the view level: views with a high degree of similarity are wrapped into one component that exposes a few parameters (props) for callers to customise. Where a piece of business logic is reused widely, extract it into a separate business component.

3. The difference between cookie and localStorage

Cookie and localStorage are two mechanisms for storing data in the browser. They differ in the following respects:

  1. Storage capacity: a cookie is small, around 4 KB each, and browsers also cap the number of cookies per domain. localStorage is much larger, generally a few MB per origin (typically 5 MB or so). If a large amount of data needs to be stored, localStorage is usually the better fit;
  2. Data sent: cookies are attached automatically by the browser to every HTTP request to the matching domain, which makes them suitable for passing data between client and server. localStorage data is never sent automatically; it only lives on the browser side, so it is suited to sharing data between pages of the same origin (scheme, host and port, not just the domain name);
  3. Lifecycle: a cookie can be given an expiration time (Expires or Max-Age), after which the browser discards it; without one it lasts only until the browser session ends. localStorage data persists until it is removed by JavaScript (removeItem or clear) or the user clears the site's data;
  4. Security: the two are exposed to different attacks. Because cookies are sent automatically, they are exposed to CSRF, and a cookie sent over plain HTTP can be intercepted or tampered with; the Secure, HttpOnly and SameSite attributes limit this, and an HttpOnly cookie cannot be read by page script at all. localStorage is never sent automatically, so it has no CSRF exposure, but any script running on the origin can read it, so an XSS vulnerability leaks everything stored there. Whether one is "safer" therefore depends on which attack you are defending against.
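To make points 2 to 4 concrete, here is an added example (not from the original post) that models how a browser decides which stored cookies to attach to a request, and which of them page script can read through document.cookie. The Set-Cookie headers, the clock value and the request scenarios are constructed; the model treats a missing SameSite attribute as Lax, which is what Chromium does. A localStorage value, by contrast, would never appear in any Cookie header produced here, because the browser only transmits what the page's own code explicitly puts into a request.

```javascript
// Added example, not from the original post: a minimal model of the browser's
// cookie-attachment rules. Only the attributes discussed above are modelled.

// Parse one Set-Cookie header value into a cookie record.
function parseSetCookie(header, nowMs) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    expiresMs: Infinity, // no Max-Age: lives until the browser session ends
    httpOnly: false,
    secure: false,
    sameSite: "Lax", // Chromium treats a missing SameSite attribute as Lax
  };
  for (const attr of attrs) {
    const [key, val] = attr.split("=");
    switch (key.toLowerCase()) {
      case "max-age": cookie.expiresMs = nowMs + Number(val) * 1000; break;
      case "httponly": cookie.httpOnly = true; break;
      case "secure": cookie.secure = true; break;
      case "samesite": cookie.sameSite = val; break;
      // Path and Domain are ignored in this model: one origin, one path.
    }
  }
  return cookie;
}

// A cookie jar for a single site.
class CookieJar {
  constructor() { this.cookies = new Map(); }

  store(setCookieHeader, nowMs) {
    const c = parseSetCookie(setCookieHeader, nowMs);
    this.cookies.set(c.name, c); // a later Set-Cookie with the same name replaces it
  }

  // The Cookie header the browser attaches on its own; page script plays no part.
  //   scheme:      "https" or "http" of the request URL
  //   sameSite:    true when the request originates from the cookie's own site
  //   topLevelGet: true for a top-level GET navigation (what SameSite=Lax still allows cross-site)
  requestHeader({ scheme, sameSite, topLevelGet, nowMs }) {
    const sent = [];
    for (const c of this.cookies.values()) {
      if (c.expiresMs <= nowMs) continue;                               // lifecycle: expired, dropped
      if (c.secure && scheme !== "https") continue;                     // Secure: HTTPS only
      if (!sameSite && c.sameSite === "Strict") continue;               // Strict: never cross-site
      if (!sameSite && c.sameSite === "Lax" && !topLevelGet) continue;  // Lax: cross-site top-level GET only
      sent.push(`${c.name}=${c.value}`);
    }
    return sent.join("; ");
  }

  // What document.cookie exposes to script on the page: HttpOnly cookies are hidden,
  // which is the cookie-side defence against XSS that localStorage has no equivalent of.
  scriptVisible(nowMs) {
    return [...this.cookies.values()]
      .filter((c) => !c.httpOnly && c.expiresMs > nowMs)
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Constructed scenario: a hardened session cookie next to a plain preference cookie.
function demo() {
  const now = 1700000000000; // constructed clock value in ms
  const jar = new CookieJar();
  jar.store("session=abc123; Max-Age=3600; HttpOnly; Secure; SameSite=Strict", now);
  jar.store("theme=dark", now);
  return {
    sameSiteHttps:  jar.requestHeader({ scheme: "https", sameSite: true,  topLevelGet: false, nowMs: now }),
    crossSitePost:  jar.requestHeader({ scheme: "https", sameSite: false, topLevelGet: false, nowMs: now }),
    crossSiteNav:   jar.requestHeader({ scheme: "https", sameSite: false, topLevelGet: true,  nowMs: now }),
    plainHttp:      jar.requestHeader({ scheme: "http",  sameSite: true,  topLevelGet: false, nowMs: now }),
    anHourLater:    jar.requestHeader({ scheme: "https", sameSite: true,  topLevelGet: false, nowMs: now + 3600 * 1000 }),
    visibleToScript: jar.scriptVisible(now),
  };
}

console.log(demo());
```

Reading the output the other way round shows the trade-off in point 4: the session cookie is the one a cross-site POST never receives and page script never sees, while the unhardened preference cookie behaves like localStorage would under an XSS, readable by any script on the origin.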

Source: blog.csdn.net/qq_46617584/article/details/131787052