Updated: 2023-01-14 10:52:27
Sessions are usually keyed to IP addresses at some level, somewhat preventing session theft.
Beyond that, the session ID doesn't contain any personal information; your password, even salted and hashed, does. Passwords, salted and hashed as they may be, can be reused; session IDs can't. Once the session is over, it's over; you need a new session ID to be able to impersonate the user again.
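
A minimal server-side session store showing the properties described above: an opaque random ID, binding to the issuing IP, and an ID that is dead once the session ends. This is an added example, not part of the original answer; the class name, the 30-minute timeout and the sample addresses are assumptions.

```python
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed timeout for this sketch


class SessionStore:
    """Server-side sessions: the cookie carries only an opaque random ID."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock      # injectable so expiry can be exercised
        self._sessions = {}      # session_id -> (user, client_ip, expires_at)

    def create(self, user, client_ip):
        # 32 random bytes: nothing about the user or the password
        # can be derived from the value stored in the cookie.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, client_ip, self._clock() + self._ttl)
        return sid

    def validate(self, sid, client_ip):
        """Return the user name, or None if the ID is unknown, expired,
        or presented from a different IP than the one it was issued to."""
        record = self._sessions.get(sid)
        if record is None:
            return None
        user, bound_ip, expires_at = record
        if self._clock() >= expires_at:
            del self._sessions[sid]   # expired: this ID never works again
            return None
        if client_ip != bound_ip:
            return None               # ID replayed from elsewhere: refuse
        return user

    def destroy(self, sid):
        # Logout: a captured ID cannot be replayed afterwards.
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice", "203.0.113.10")    # constructed sample values
    print(store.validate(sid, "203.0.113.10"))     # issuing address
    print(store.validate(sid, "198.51.100.7"))     # different address
```

Strict IP binding also rejects legitimate users whose address changes mid-session, such as on mobile networks, so it is a partial control rather than a complete defence.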