Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
徳丸本輪読会
Search
mcz9mm
August 06, 2017
0
84
徳丸本輪読会
第三回
mcz9mm
August 06, 2017
Tweet
Share
More Decks by mcz9mm
See All by mcz9mm
SwiftUI-List-Pagination
mcz9mm
2
2.3k
ARKit2.0でAppleが伝えたいアプリ体験を考える
mcz9mm
2
1.1k
ゆるく学ぶARKit
mcz9mm
3
1.5k
What’s TCP/UDP?
mcz9mm
0
110
NATサーバーの必要性
mcz9mm
0
110
What’s New in ARKit2.0
mcz9mm
0
110
徳丸本 ログインフォーム
mcz9mm
0
110
arkit+animoji
mcz9mm
0
72
徳丸本8
mcz9mm
0
130
Featured
See All Featured
Rails Girls Zürich Keynote
gr2m
95
14k
Writing Fast Ruby
sferik
629
62k
It's Worth the Effort
3n
187
28k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
We Have a Design System, Now What?
morganepeng
53
7.8k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
Build your cross-platform service in a week with App Engine
jlugia
232
18k
Music & Morning Musume
bryan
46
6.8k
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.7k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
For a Future-Friendly Web
brad_frost
180
9.9k
Testing 201, or: Great Expectations
jmmastey
45
7.7k
Transcript
ಙؙձୈ̏ճ ຢདྷ ܆
Cookieग़ྗʹ·ͭΘΔ੬ऑੑ • େ͖͚͘Δͱ̎छྨͷ੬ऑੑ • CookieΛར༻͖͢Ͱͳ͍తͰ͍ͬͯΔ • Cookieͷग़ྗํ๏ʹ͕͋Δ IDΛอଘͩͧ σʔλͦͷͷΛอଘ͢Δͳ
ग़ྗ࣌ʹൃੜ͍͢͠੬ऑੑ • HTTPϔομɾΠϯδΣΫγϣϯ੬ऑੑ • CookieͷηΩϡΞଐੑෆඋ
ෆదͳར༻ • WEBϖʔδͰϖʔδΛ·͕ͨΔใΛอଘ͢Δํ๏ͱͯ͠ ɺηογϣϯཧػߏΛ༻͍ΒΕΔɻ͜ͷػߏͰηογϣ ϯIDͷΈΛCookieʹอଘ͠ɺσʔλࣗମwebαʔόͷϝϞ ϦϑΝΠϧɺDBͳͲʹอଘ͢Δɻ • ηογϣϯม֎෦͔Βॻ͖͑ΒΕͳ͍͕ɺCookieར ༻ऀ͔Βมߋ͕Ͱ͖ͯ͠·͏
CookieʹσʔλΛอଘ͠ͳ͍ํ͕ྑ͍ʂ • CookieͰ࣮ݱͰ͖ͯηογϣϯมͰ࣮ݱͰ͖ͳ͍͜ͱɺ ʮใͷण໋ͷ੍ޚʯͱʮҟͳΔαʔόʔͷใڞ༗ʯ • ͜ͷ̎Ҏ֎ηογϣϯมΛར༻͠Α͏ • CookieΛར༻͖͢λΠϛϯάɿ ɹɹɹɹɾϩάΠϯใΛอ࣋͢Δ ɹɹɹɹ
CookieͷηΩϡΞଐੑෆඋ Secureଐੑͱʁ http ͱ https ͱ֤௨৴Ͱ૬ޓͷߦ͖དྷ͕͋Δ߹ͳͲʹ https ͷ௨৴ͰͷΈ͏͖Cookieͷ͕ http ͷ௨৴ʹྲྀग़͢Δ͓ͦΕ͕͋Δɻ
ͦΕΛ͙ҝʹ Cookie ʹ secure ଐੑΛ͚ͯ https ௨৴ͰͷΈѻ͑ΔΑ͏ʹ͢Δͱ͍͏ରࡦ͕͋Δ
߈ܸख๏ ࣍ͷखॱͰฏจͷΫοΩʔ͕ωοτϫʔΫ্ʹྲྀΕΔɻ ·ͣɺHTTPSͰ͔ͭSecureଐੑͷ͔ͭͳ͍ΫοΩʔΛൃߦ͢ΔϖʔδΛӾཡ͠ɺϒϥβʔʹΫοΩʔ Ληοτ͢Δɻྫͱͯ͠URL https://www.example.jp/set_non_secure_cookie.php ͱ͢Δɻ ࣍ʹ᠘ϖʔδΛӾཡ͢Δɻ᠘ϖʔδʹԼهͷΑ͏ͳݟ͑ͳ͍imgλάʢ෯ͱߴ͕͞0ʣؚ͕·Ε͍ͯ Δɻ <img src="http://www.example.jp:443/trap/
width="0" height="0" /> URLͰࢦఆ͞Εͨϙʔτ൪߸443HTTPSͷσϑΥϧτϙʔτ͕ͩɺεΩʔϜ͕ʮhttp:ʯͱࢦఆ͞Ε͍ͯ ΔͷͰ͜ͷϦΫΤετ҉߸Խ͞Εͣʹૹ৴͞ΕΔɻϒϥβʹΫοΩʔΛૹ৴ͤ͞Δͷ͕తͳͷͰɺ URLͷը૾ͳͯ͘߈ཱܸ͢Δɻ ߈ܸऀ͕͜ͷ҉߸Խ͞Ε͍ͯͳ͍ΫοΩʔΛ౪ௌͰ͖Δ߹ɺηογϣϯϋΠδϟοΫʹѱ༻Ͱ͖Δɻ
ݪҼ ͷݪҼ୯ʹSecureଐੑΛ͚͍ͯͳ͍ͱ͍͏͚ͩͷ͜ ͱ͕ͩɺSecureଐੑΛ͚ͳ͍ओͳݪҼҎԼͷ2छྨ͕͋Δ ͱࢥΘΕΔɻ • ։ൃऀ͕Secureଐੑʹ͍ͭͯΒͳ͍ɻ • SecureଐੑΛ͚ΔͱΞϓϦέʔγϣϯ͕ಈ͔ͳ͘ͳΔɻ
ରࡦ ηογϣϯIDͷΫοΩʔʹSecureଐੑΛ͚Δ ΫοΩʔͷSecureଐੑෆඋͷରࡦΫοΩʔʹSecureଐੑΛ͚Δ͜ͱͰ ͋Δɻ PHPͰphp.iniʹҎԼͷઃఆΛ͢Δɻ session.cookie_secure = On Aapache Tomcatͷ߹ɺHTTPSଓ͞ΕͨϦΫΤετʹରͯ͠ɺηογϣ
ϯIDͷΫοΩʔʹࣗಈతʹSecureଐੑ͕ઃఆ͞ΕΔɻ
τʔΫϯΛར༻ͨ͠ରࡦ ηογϣϯIDΛอ࣋͢ΔΫοΩʔʹSecureଐੑ͕͚ΒΕͳ ͍߹ɺτʔΫϯΛར༻ͯ͠ηογϣϯϋΠδϟοΫΛࢭ͢ Δɻ τʔΫϯΛอ࣋͢ΔΫοΩʔʹSecureଐੑΛ͚Δ͜ͱʹ ΑͬͯɺHTTPϖʔδͱHTTPSϖʔδͰηογϣϯΛڞ༗ͭ͠ ͭɺԾʹηογϣϯIDΛ౪ௌ͞Εͨ߹ͰHTTPSϖʔδ ηογϣϯϋΠδϟοΫΛࢭͰ͖Δɻ
τʔΫϯ͕ͳͥྑ͍ͷ͔ʁ • τʔΫϯೝূޭ࣌ʹҰ͚ͩαʔόʔ͔Βग़ྗ͞ΕΔ • τʔΫϯHTTPSͷϖʔδͰੜ͞ΕΔ • τʔΫϯ࣮֬ʹ҉߸Խ͞Εͯϒϥβ͔Βૹ৴͞ΕΔ • HTTPSͷϖʔδΛӾཡ͢ΔʹτʔΫϯ͕ඞਢ͔ͩΒ αʔόʔͱϒϥβͷํͰ࣮֬ʹ҉߸Խ͞Εɺୈࡾऀ͕֬
࣮ʹΓಘͳ͍τʔΫϯ͕ඞཁʹͳΔ͔Βɺ҆શੑ͕֬อ͞ Ε͍ͯΔ
·ͱΊ • ݪଇͱͯ͠ηογϣϯIDͷΈʹ༻͍Δ͜ͱ • HTTPS௨৴Λ༻͍ΔΞϓϦέʔγϣϯͷCookieʹηΩϡ ΞଐੑΛ͚ͭΔ
END