実際困る！クロスドメイン間のセッション管理を考えよう

࣮ࡍࠔΔʂ  ΫϩευϝΠϯؒͷηογϣϯ؅ཧΛߟ͑Α͏ !PSFLZVV

ࣗݾ঺հ w !PSFLZVV w ͓࢓ࣄ3BJMT1)1 w ฼ࠃޠ+BWB w #VSJ,BJHJ࣮͸ճ໨

ฉ͖ऴΘͬͨ͋ͱͷཧ૝ w ΫϩευϝΠϯؒͰϩάΠϯঢ়ଶͷಉظΛऔΔ̍ख๏Λ஌͍ͬͯΔ w /PU࣮૷Ͱ͖Δ

໨࣍ w γϯάϧαΠϯΦϯฤ w ηογϣϯ؅ཧฤ w γϯάϧϩάΞ΢τฤ w ࣮ફฤ

ొ৔ਓ෺ w UPEPUFTULBOCBOUFTU  ڞ௨ͷ*%ͰϩάΠϯͰ͖ΔͭͷαʔϏε w BVUIUFTU  ͕͜͜ೝՄαʔόʔ

γϯάϧαΠϯΦϯ w Α͋͘Δ0"VUIͱ͔Ͱ΍ͬͯΔ΍ͭ w 4QSJOH4FDVSJUZͷ0"VUIͷػೳͱ͔࢖͑͹ඵͰ࣮૷Ͱ͖Δ w αϯϓϧ͸Α͘ݟ͔͚Δ

ೝՄίʔυϑϩʔ BVUIUFTUʹϩάΠϯࡁΈηογϣϯ͕͋Ε͹  ͙͢ʹίʔϧόοΫ͢Δ

Ϣʔβʔʹͱͬͯͷମݧ w UPEPUFTUͰϩάΠϯޙɺLBOCBOUFTUʹΞΫηε͢Δͱ·ͩະϩάΠϯ w LBOCBOUFTUͰϩάΠϯϘλϯΛԡ͢ͱɺJEQBTTXPSEΛೖΕͳͯ͘΋  ϩάΠϯঢ়ଶʹͳΔ

4QSJOH4FDVSJUZͰͷ࣮૷

ͪΐͬͱدΓಓ0QFO*%$POOFDU%JTDPWFSZ w ΫϥΠΞϯτ͕ೝՄαʔόʔͷ֤छΤϯυϙΠϯτͷ৔ॴ΍ɺ  ͲͷΑ͏ͳػೳΛαϙʔτ͍ͯ͠Δ͔Λڭ͑ΔͨΊͷ΋ͷ w ೝՄαʔόʔͷXFMMLOPXOPQFOJEDPOpHVSBUJPOʹKTPOܗࣜͰ഑ஔ  ͞ΕΔ w 4QSJOH4FDVSJUZ͸͔͜͜ΒೝՄΤϯυϙΠϯτͳͲͷ৘ใΛಘΔͷͰɺ JTTVFSVSM͕Θ͔Ε͹ྑ͍

ͪΐͬͱدΓಓ0QFO*%$POOFDU%JTDPWFSZ

ηογϣϯ؅ཧ w UPEPUFTUʹϩάΠϯޙɺLBOCBOUFTUΛ։͘ͱϩάΠϯࡁΈʹ  ͳͬͯ΄͍͠ w UPEPUFTUͰϩάΞ΢τͨ͠ΒLBOCBOUFTUͰϩάΞ΢τࡁΈʹ  ͳͬͯ΄͍͠    γϯάϧϩάΞ΢τ  ؔ࿈࢓༷ 
0QFO*%$POOFDU4FTTJPO.BOBHFNFOU  0QFO*%$POOFDU#BDL$IBOOFM-PHPVU  0QFO*%$POOFDU'SPOU$IBOOFM-PHPVU

0QFO*%$POOFDU4FTTJPO.BOBHFNFOU w ΫϩευϝΠϯͰηογϣϯ؅ཧ͢ΔͨΊͷ࢓༷  %SBGUʹͳͬͯΔ͚Ͳ w JGSBNFΛϖʔδ಺ʹ࢓ࠐΜͰɺೝՄαʔόʔͷϖʔδΛ։͍ͯ  ೝՄαʔόʔͷηογϣϯ͕มΘͬͯͳ͍͔Λ֬ೝ͢Δ

0QFO*%$POOFDU4FTTJPO.BOBHFNFOU

01JGSBNFͷ৔ॴ

Ϣʔβʔͷମݧ w UPEPUFTUͰϩάΠϯͨ͋͠ͱLBOCBOUFTUʹ๚ΕΔͱBVUIUFTUʹϦμΠ ϨΫτ͞Εɺଈ࠲ʹίʔϧόοΫͯ͠ϩάΠϯࡁΈʹͳΔ w UPEPUFTU͔ΒϩάΞ΢τͯ͠΋LBOCBOUFTUʹ͸·ͩϩάΠϯঢ়ଶ͕࢒ͬ ͍ͯΔ  ͑ͬɾɾɾʁ

ϩάΞ΢τ͞Εͳ͍ݪҼ ͜͜Ͱ͸ϩάΞ΢τ͞ΕΔ BVUIUFTU͔Β͸ϩάΞ΢τͯ͠ͳ͍

31*OJUJBUFE-PHPVU w UPEPUFTU͔ΒϩάΞ΢τͨ͜͠ͱΛೝՄαʔόʔʹ఻͍͑ͨ w UPEPUFTUͰϩάΞ΢τޙʹFOE@TFTTJPO@FOEQPJOU΁ϦμΠϨΫτͯ͠ೝ ՄαʔόʔͰ΋ϩάΞ΢τͯ͠໭ͬͯ͘Ε͹ྑ͍ w ৔ॴ͸0QFO*%$POOFDU%JTDPWFSZʹରԠͯ͠ΔͳΒ FOE@TFTTJPO@FOEQPJOUʹ63-͕ೖ͍ͬͯΔ

31*OJUJBUFE-PHPVU

࣮ફฤ  4QSJOH4FDVSJUZ ,FZDMPBL

؀ڥ w 4QSJOH#PPU w TQSJOHCPPUTUBSUFSPBVUIDMJFOU w ,FZDMPBL

ʙγϯάϧαΠϯΦϯ

ʙ31*OJUJBUFE-PHPVU

DIFDLTFTTJPOJGSBNF

݁࿦ w 0QFO*%$POOFDU4FTTJPO.BOBHFNFOUΛ࢖͏͜ͱͰΫϩευϝΠϯؒ Ͱ΋ϩάΠϯঢ়ଶΛಉظ͢Δ͜ͱ͕Մೳ w 4QSJOH4FDVSJUZ͸31*OJUJBUFE-PHPVU΍0QFO*%$POOFDU%JTDPWFSZ ʹରԠ͍ͯ͠ΔͷͰ༻ҙʹରԠՄೳ w ,FZDMPBLͱ߹Θͤͯ࢖͏͜ͱͰ4FTTJPO.BOBHFNFOUͷ࣮ݱ΋༰қ

実際困る！クロスドメイン間のセッション管理を考えよう

実際困る！クロスドメイン間のセッション管理を考えよう

orekyuu

More Decks by orekyuu

Featured

Transcript

࣮ࡍࠔΔʂ  ΫϩευϝΠϯؒͷηογϣϯ؅ཧΛߟ͑Α͏ !PSFLZVV

ࣗݾ঺հ w !PSFLZVV w ͓࢓ࣄ3BJMT1)1 w ฼ࠃޠ+BWB w #VSJ,BJHJ࣮͸ճ໨

ฉ͖ऴΘͬͨ͋ͱͷཧ૝ w ΫϩευϝΠϯؒͰϩάΠϯঢ়ଶͷಉظΛऔΔ̍ख๏Λ஌͍ͬͯΔ w /PU࣮૷Ͱ͖Δ

໨࣍ w γϯάϧαΠϯΦϯฤ w ηογϣϯ؅ཧฤ w γϯάϧϩάΞ΢τฤ w ࣮ફฤ

ొ৔ਓ෺ w UPEPUFTULBOCBOUFTU  ڞ௨ͷ*%ͰϩάΠϯͰ͖ΔͭͷαʔϏε w BVUIUFTU  ͕͜͜ೝՄαʔόʔ

γϯάϧαΠϯΦϯ w Α͋͘Δ0"VUIͱ͔Ͱ΍ͬͯΔ΍ͭ w 4QSJOH4FDVSJUZͷ0"VUIͷػೳͱ͔࢖͑͹ඵͰ࣮૷Ͱ͖Δ w αϯϓϧ͸Α͘ݟ͔͚Δ

ೝՄίʔυϑϩʔ BVUIUFTUʹϩάΠϯࡁΈηογϣϯ͕͋Ε͹  ͙͢ʹίʔϧόοΫ͢Δ

Ϣʔβʔʹͱͬͯͷମݧ w UPEPUFTUͰϩάΠϯޙɺLBOCBOUFTUʹΞΫηε͢Δͱ·ͩະϩάΠϯ w LBOCBOUFTUͰϩάΠϯϘλϯΛԡ͢ͱɺJEQBTTXPSEΛೖΕͳͯ͘΋  ϩάΠϯঢ়ଶʹͳΔ

4QSJOH4FDVSJUZͰͷ࣮૷

ͪΐͬͱدΓಓ0QFO*%$POOFDU%JTDPWFSZ

ηογϣϯ؅ཧ w UPEPUFTUʹϩάΠϯޙɺLBOCBOUFTUΛ։͘ͱϩάΠϯࡁΈʹ  ͳͬͯ΄͍͠ w UPEPUFTUͰϩάΞ΢τͨ͠ΒLBOCBOUFTUͰϩάΞ΢τࡁΈʹ  ͳͬͯ΄͍͠    γϯάϧϩάΞ΢τ  ؔ࿈࢓༷

0QFO*%$POOFDU4FTTJPO.BOBHFNFOU w ΫϩευϝΠϯͰηογϣϯ؅ཧ͢ΔͨΊͷ࢓༷  %SBGUʹͳͬͯΔ͚Ͳ w JGSBNFΛϖʔδ಺ʹ࢓ࠐΜͰɺೝՄαʔόʔͷϖʔδΛ։͍ͯ  ೝՄαʔόʔͷηογϣϯ͕มΘͬͯͳ͍͔Λ֬ೝ͢Δ

0QFO*%$POOFDU4FTTJPO.BOBHFNFOU

01JGSBNFͷ৔ॴ

Ϣʔβʔͷମݧ w UPEPUFTUͰϩάΠϯͨ͋͠ͱLBOCBOUFTUʹ๚ΕΔͱBVUIUFTUʹϦμΠ ϨΫτ͞Εɺଈ࠲ʹίʔϧόοΫͯ͠ϩάΠϯࡁΈʹͳΔ w UPEPUFTU͔ΒϩάΞ΢τͯ͠΋LBOCBOUFTUʹ͸·ͩϩάΠϯঢ়ଶ͕࢒ͬ ͍ͯΔ  ͑ͬɾɾɾʁ

ϩάΞ΢τ͞Εͳ͍ݪҼ ͜͜Ͱ͸ϩάΞ΢τ͞ΕΔ BVUIUFTU͔Β͸ϩάΞ΢τͯ͠ͳ͍

31OJUJBUFE-PHPVU w UPEPUFTU͔ΒϩάΞ΢τͨ͜͠ͱΛೝՄαʔόʔʹ఻͍͑ͨ w UPEPUFTUͰϩάΞ΢τޙʹFOE@TFTTJPO@FOEQPJOU΁ϦμΠϨΫτͯ͠ೝ ՄαʔόʔͰ΋ϩάΞ΢τͯ͠໭ͬͯ͘Ε͹ྑ͍ w ৔ॴ͸0QFO%$POOFDU%JTDPWFSZʹରԠͯ͠ΔͳΒ FOE@TFTTJPO@FOEQPJOUʹ63-͕ೖ͍ͬͯΔ

31*OJUJBUFE-PHPVU

࣮ફฤ  4QSJOH4FDVSJUZ ,FZDMPBL

؀ڥ w 4QSJOH#PPU w TQSJOHCPPUTUBSUFSPBVUIDMJFOU w ,FZDMPBL

ʙγϯάϧαΠϯΦϯ

ʙ31*OJUJBUFE-PHPVU

DIFDLTFTTJPOJGSBNF

݁࿦ w 0QFO%$POOFDU4FTTJPO.BOBHFNFOUΛ࢖͏͜ͱͰΫϩευϝΠϯؒ Ͱ΋ϩάΠϯঢ়ଶΛಉظ͢Δ͜ͱ͕Մೳ w 4QSJOH4FDVSJUZ͸31OJUJBUFE-PHPVU΍0QFO*%$POOFDU%JTDPWFSZ ʹରԠ͍ͯ͠ΔͷͰ༻ҙʹରԠՄೳ w ,FZDMPBLͱ߹Θͤͯ࢖͏͜ͱͰ4FTTJPO.BOBHFNFOUͷ࣮ݱ΋༰қ