Cookie
A mechanism that lets CGI scripts, JavaScript and the like store small amounts of data on the local PC. It was originally a specification defined by Netscape Communications and has never become a formal standard, but it is a de facto standard that almost every browser implements.
»ÅÍͳµÍ×
Web ¥µ¡¼¥Ð¡¼¤«¤é¤Î Cookie ¤ÎÁ÷¿®
When a CGI script or similar sends a cookie to the browser, it adds a Set-Cookie header to the HTTP response. The format is as follows.
Set-Cookie: <cookie name>=<value>[; expires=<expiry>][; path=<path>][; domain=<domain>][; secure]
- cookie name: The name of the cookie being set.
- value: The value of the cookie being set.
- expiry: The date on which the cookie is deleted, written in strftime notation as "%A, %d-%b-%Y %H:%M:%S GMT". If omitted, the cookie is deleted when the session ends.
- path: The path for which the browser sends this cookie. The cookie is sent for pages whose domain matches and whose path is at or below this path. If omitted, it defaults to the path of the current page.
- domain: The domain for which the browser sends this cookie. If omitted, it defaults to the domain of the current page.
- secure: When present, the cookie is sent only over SSL connections (https:).
Cookies sent by the browser
When the browser sends an HTTP request and holds cookies that apply to that page, it automatically adds a Cookie: header. The format is as follows.
Cookie: <cookie name 1>=<value 1>[; <cookie name 2>=<value 2>...]
httponly (Internet Explorer proprietary extension)
Although it is a proprietary Microsoft extension, there is a feature called "httponly" that forbids reading the cookie from JavaScript and so prevents cookies from being stolen through XSS. Appending the "httponly" option to the end of the Set-Cookie header as shown below makes that cookie inaccessible from JavaScript.
Set-Cookie: name=value; httponly
The cookie is still sent to the server as usual, so CGI scripts can use it normally. This prevents malicious JavaScript from obtaining the cookie. It does not, however, suppress every effect of XSS, so XSS countermeasures remain important even when this extension is used.
See the following page for details.
http://msdn.microsoft.com/library/default.asp?url=...
This extension works only in Internet Explorer 6 SP1 and later and in Konqueror. In Firefox it can be approximated by installing the following extension.
https://addons.mozilla.org/firefox/3629/
Some browsers reportedly crash on it, so its impact must be examined carefully before use.
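As an added example (not code from the original page), the following Python builds and parses Set-Cookie headers in the format described above, decides which stored cookies a browser would attach in a Cookie: header for a given URL (domain tail-match, path prefix, secure only over https), and reports which cookies httponly hides from JavaScript. Host names and paths used with it are constructed sample values.

```python
from urllib.parse import urlsplit

EXPIRES_FMT = "%A, %d-%b-%Y %H:%M:%S GMT"   # Netscape-style expires date

def build_set_cookie(name, value, expires=None, path=None, domain=None,
                     secure=False, httponly=False):
    """Build a Set-Cookie header value: name=value plus the optional attributes."""
    parts = [f"{name}={value}"]
    if expires is not None:                 # a datetime already in GMT/UTC
        parts.append("expires=" + expires.strftime(EXPIRES_FMT))
    for key, val in (("path", path), ("domain", domain)):
        if val is not None:
            parts.append(f"{key}={val}")
    for flag, on in (("secure", secure), ("httponly", httponly)):
        if on:                              # flag attributes carry no value
            parts.append(flag)
    return "; ".join(parts)

def parse_set_cookie(header, page_host, page_path):
    """Parse a Set-Cookie value; omitted domain/path default to the page's own."""
    pieces = [p.strip() for p in header.split(";")]
    name, _, value = pieces[0].partition("=")
    cookie = {"name": name, "value": value, "domain": page_host,
              "path": page_path, "expires": None, "secure": False, "httponly": False}
    for attr in pieces[1:]:
        key, _, val = attr.partition("=")
        key = key.lower()                   # attribute names are case-insensitive
        if key in ("secure", "httponly"):
            cookie[key] = True
        elif key in ("expires", "path", "domain"):
            cookie[key] = val
    return cookie

def _matches(c, u):
    """Send rules: domain tail-matches the host, request path is at or below
    the cookie path, and a secure cookie travels only over https."""
    host, path, domain = u.hostname, (u.path or "/"), c["domain"].lstrip(".")
    return ((host == domain or host.endswith("." + domain))
            and path.startswith(c["path"])
            and (u.scheme == "https" or not c["secure"]))

def cookie_header_for(cookies, url):
    """Cookie: header value the browser attaches for url, or None if none match."""
    u = urlsplit(url)
    sent = [f"{c['name']}={c['value']}" for c in cookies if _matches(c, u)]
    return "; ".join(sent) or None

def js_visible(cookies):
    """Names document.cookie would expose: httponly cookies are hidden."""
    return [c["name"] for c in cookies if not c["httponly"]]
```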
Limits
- A single cookie can hold at most 4096 bytes.
- A single host can store at most 20 cookies.
- No more than 300 cookies can be stored in total.
2008-03-30 (Sun) 23:05:22 Modified by sourcewalker