问题
Looking at gmail and facebook I was wondering where do they store your password and account info when you log off and you have the function "Keep me signed in" on.
I know they store it in cookies but isnt this hackable/stealable? How safe is this system and where is this information stored?
回答1:
What they save is a unique session ID that is essentially a randomly generated string. With that session ID they can store your state on the backend, i.e. logged in or not. They never store your password, encrypted or not, in a cookie.
来源:https://stackoverflow.com/questions/12990557/are-passwords-stored-in-cookies