Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
徳丸本輪読会
Search
mcz9mm
August 06, 2017
0
74
徳丸本輪読会
第三回
mcz9mm
August 06, 2017
Tweet
Share
More Decks by mcz9mm
See All by mcz9mm
SwiftUI-List-Pagination
mcz9mm
2
2.1k
ARKit2.0でAppleが伝えたいアプリ体験を考える
mcz9mm
2
1k
ゆるく学ぶARKit
mcz9mm
3
1.4k
What’s TCP/UDP?
mcz9mm
0
98
NATサーバーの必要性
mcz9mm
0
84
What’s New in ARKit2.0
mcz9mm
0
80
徳丸本 ログインフォーム
mcz9mm
0
97
arkit+animoji
mcz9mm
0
64
徳丸本8
mcz9mm
0
110
Featured
See All Featured
Building a Modern Day E-commerce SEO Strategy
aleyda
38
6.9k
Making Projects Easy
brettharned
115
5.9k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
6.8k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
Six Lessons from altMBA
skipperchong
27
3.5k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
A better future with KSS
kneath
238
17k
Music & Morning Musume
bryan
46
6.2k
Unsuck your backbone
ammeep
668
57k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
Transcript
ಙؙձୈ̏ճ ຢདྷ ܆
Cookieग़ྗʹ·ͭΘΔ੬ऑੑ • େ͖͚͘Δͱ̎छྨͷ੬ऑੑ • CookieΛར༻͖͢Ͱͳ͍తͰ͍ͬͯΔ • Cookieͷग़ྗํ๏ʹ͕͋Δ IDΛอଘͩͧ σʔλͦͷͷΛอଘ͢Δͳ
ग़ྗ࣌ʹൃੜ͍͢͠੬ऑੑ • HTTPϔομɾΠϯδΣΫγϣϯ੬ऑੑ • CookieͷηΩϡΞଐੑෆඋ
ෆదͳར༻ • WEBϖʔδͰϖʔδΛ·͕ͨΔใΛอଘ͢Δํ๏ͱͯ͠ ɺηογϣϯཧػߏΛ༻͍ΒΕΔɻ͜ͷػߏͰηογϣ ϯIDͷΈΛCookieʹอଘ͠ɺσʔλࣗମwebαʔόͷϝϞ ϦϑΝΠϧɺDBͳͲʹอଘ͢Δɻ • ηογϣϯม֎෦͔Βॻ͖͑ΒΕͳ͍͕ɺCookieར ༻ऀ͔Βมߋ͕Ͱ͖ͯ͠·͏
CookieʹσʔλΛอଘ͠ͳ͍ํ͕ྑ͍ʂ • CookieͰ࣮ݱͰ͖ͯηογϣϯมͰ࣮ݱͰ͖ͳ͍͜ͱɺ ʮใͷण໋ͷ੍ޚʯͱʮҟͳΔαʔόʔͷใڞ༗ʯ • ͜ͷ̎Ҏ֎ηογϣϯมΛར༻͠Α͏ • CookieΛར༻͖͢λΠϛϯάɿ ɹɹɹɹɾϩάΠϯใΛอ࣋͢Δ ɹɹɹɹ
CookieͷηΩϡΞଐੑෆඋ Secureଐੑͱʁ http ͱ https ͱ֤௨৴Ͱ૬ޓͷߦ͖དྷ͕͋Δ߹ͳͲʹ https ͷ௨৴ͰͷΈ͏͖Cookieͷ͕ http ͷ௨৴ʹྲྀग़͢Δ͓ͦΕ͕͋Δɻ
ͦΕΛ͙ҝʹ Cookie ʹ secure ଐੑΛ͚ͯ https ௨৴ͰͷΈѻ͑ΔΑ͏ʹ͢Δͱ͍͏ରࡦ͕͋Δ
߈ܸख๏ ࣍ͷखॱͰฏจͷΫοΩʔ͕ωοτϫʔΫ্ʹྲྀΕΔɻ ·ͣɺHTTPSͰ͔ͭSecureଐੑͷ͔ͭͳ͍ΫοΩʔΛൃߦ͢ΔϖʔδΛӾཡ͠ɺϒϥβʔʹΫοΩʔ Ληοτ͢Δɻྫͱͯ͠URL https://www.example.jp/set_non_secure_cookie.php ͱ͢Δɻ ࣍ʹ᠘ϖʔδΛӾཡ͢Δɻ᠘ϖʔδʹԼهͷΑ͏ͳݟ͑ͳ͍imgλάʢ෯ͱߴ͕͞0ʣؚ͕·Ε͍ͯ Δɻ <img src="http://www.example.jp:443/trap/
width="0" height="0" /> URLͰࢦఆ͞Εͨϙʔτ൪߸443HTTPSͷσϑΥϧτϙʔτ͕ͩɺεΩʔϜ͕ʮhttp:ʯͱࢦఆ͞Ε͍ͯ ΔͷͰ͜ͷϦΫΤετ҉߸Խ͞Εͣʹૹ৴͞ΕΔɻϒϥβʹΫοΩʔΛૹ৴ͤ͞Δͷ͕తͳͷͰɺ URLͷը૾ͳͯ͘߈ཱܸ͢Δɻ ߈ܸऀ͕͜ͷ҉߸Խ͞Ε͍ͯͳ͍ΫοΩʔΛ౪ௌͰ͖Δ߹ɺηογϣϯϋΠδϟοΫʹѱ༻Ͱ͖Δɻ
ݪҼ ͷݪҼ୯ʹSecureଐੑΛ͚͍ͯͳ͍ͱ͍͏͚ͩͷ͜ ͱ͕ͩɺSecureଐੑΛ͚ͳ͍ओͳݪҼҎԼͷ2छྨ͕͋Δ ͱࢥΘΕΔɻ • ։ൃऀ͕Secureଐੑʹ͍ͭͯΒͳ͍ɻ • SecureଐੑΛ͚ΔͱΞϓϦέʔγϣϯ͕ಈ͔ͳ͘ͳΔɻ
ରࡦ ηογϣϯIDͷΫοΩʔʹSecureଐੑΛ͚Δ ΫοΩʔͷSecureଐੑෆඋͷରࡦΫοΩʔʹSecureଐੑΛ͚Δ͜ͱͰ ͋Δɻ PHPͰphp.iniʹҎԼͷઃఆΛ͢Δɻ session.cookie_secure = On Aapache Tomcatͷ߹ɺHTTPSଓ͞ΕͨϦΫΤετʹରͯ͠ɺηογϣ
ϯIDͷΫοΩʔʹࣗಈతʹSecureଐੑ͕ઃఆ͞ΕΔɻ
τʔΫϯΛར༻ͨ͠ରࡦ ηογϣϯIDΛอ࣋͢ΔΫοΩʔʹSecureଐੑ͕͚ΒΕͳ ͍߹ɺτʔΫϯΛར༻ͯ͠ηογϣϯϋΠδϟοΫΛࢭ͢ Δɻ τʔΫϯΛอ࣋͢ΔΫοΩʔʹSecureଐੑΛ͚Δ͜ͱʹ ΑͬͯɺHTTPϖʔδͱHTTPSϖʔδͰηογϣϯΛڞ༗ͭ͠ ͭɺԾʹηογϣϯIDΛ౪ௌ͞Εͨ߹ͰHTTPSϖʔδ ηογϣϯϋΠδϟοΫΛࢭͰ͖Δɻ
τʔΫϯ͕ͳͥྑ͍ͷ͔ʁ • τʔΫϯೝূޭ࣌ʹҰ͚ͩαʔόʔ͔Βग़ྗ͞ΕΔ • τʔΫϯHTTPSͷϖʔδͰੜ͞ΕΔ • τʔΫϯ࣮֬ʹ҉߸Խ͞Εͯϒϥβ͔Βૹ৴͞ΕΔ • HTTPSͷϖʔδΛӾཡ͢ΔʹτʔΫϯ͕ඞਢ͔ͩΒ αʔόʔͱϒϥβͷํͰ࣮֬ʹ҉߸Խ͞Εɺୈࡾऀ͕֬
࣮ʹΓಘͳ͍τʔΫϯ͕ඞཁʹͳΔ͔Βɺ҆શੑ͕֬อ͞ Ε͍ͯΔ
·ͱΊ • ݪଇͱͯ͠ηογϣϯIDͷΈʹ༻͍Δ͜ͱ • HTTPS௨৴Λ༻͍ΔΞϓϦέʔγϣϯͷCookieʹηΩϡ ΞଐੑΛ͚ͭΔ
END