Creating a secure login in PHP using sessions and cookies

Updated: 2022-05-18 08:27:57

There is no such thing as a secure cookie UNLESS it's transmitted over SSL only. It can be mitigated some when using a persistent non-session cookie (like remember me), by doing exactly what you're doing, but not in the same way you're thinking of doing it.

You can indeed store server variables such as the user-agent, the IP address and so forth (and even JavaScript variables), but they are only good for validating that the persistent cookie data matches the client's new connection. The IP address isn't a good idea except when you know that the client (like you only) isn't going to change on every page load (a la AOL).

Modern web browsers and 3rd party services like LastPass can store login credentials that only require a key press (and sometimes not even that) to send the data to the login form. Persistent cookies are only good for those people who refuse to use what's available otherwise. In the end, persistent, non-session cookies are not really required anymore.
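The validation the answer describes (a persistent "remember me" cookie sent over SSL only, checked against server-side attributes of the client's new connection) written out as an added PHP example; this is not code from the answer or the question. The `$persistentLogins` array stands in for a database table, the cookie name, lifetime and `$_SERVER` values are assumptions, and `setcookie()` with an options array needs PHP 7.3 or later. Following the answer, the user-agent is used for the fingerprint and the IP address is left out because it may change on every page load.

```php
<?php
// Added example (not from the original answer): a "remember me" persistent
// cookie bound to the client's user-agent and restricted to HTTPS. Storage is
// an in-memory array standing in for a database table; $_SERVER values are
// assumed to come from a real request.

declare(strict_types=1);

const REMEMBER_COOKIE = 'remember_me';   // assumed cookie name
const REMEMBER_TTL    = 30 * 24 * 3600;  // assumed lifetime: 30 days

/** Stand-in for a persistent_logins table: selector => row. */
$persistentLogins = [];

/** Hash the server-side attributes the cookie is later validated against. */
function clientFingerprint(array $server): string
{
    // The user-agent is stable for a given browser; the IP address is
    // deliberately left out, since it may change between page loads.
    return hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
}

/** Issue a remember-me cookie after a successful password login. */
function issueRememberMe(int $userId, array $server, array &$store): string
{
    $selector  = bin2hex(random_bytes(12));  // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored

    $store[$selector] = [
        'user_id'     => $userId,
        'validator'   => hash('sha256', $validator),
        'fingerprint' => clientFingerprint($server),
        'expires'     => time() + REMEMBER_TTL,
    ];

    setcookie(REMEMBER_COOKIE, $selector . ':' . $validator, [
        'expires'  => time() + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,   // transmitted over TLS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    return $selector;
}

/**
 * Validate a remember-me cookie against the stored row and the current
 * connection. Returns the user id on success, null otherwise. The stored row
 * is consumed either way, so a token can be used at most once.
 */
function validateRememberMe(string $cookie, array $server, array &$store): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;

    $row = $store[$selector] ?? null;
    if ($row === null) {
        return null;
    }

    $ok = hash_equals($row['validator'], hash('sha256', $validator))
        && hash_equals($row['fingerprint'], clientFingerprint($server))
        && $row['expires'] > time();

    unset($store[$selector]);  // single use; the caller reissues on success

    return $ok ? (int) $row['user_id'] : null;
}

// Per-request usage (assumed request flow).
session_start();
if (empty($_SESSION['user_id']) && isset($_COOKIE[REMEMBER_COOKIE])) {
    $userId = validateRememberMe($_COOKIE[REMEMBER_COOKIE], $_SERVER, $persistentLogins);
    if ($userId !== null) {
        session_regenerate_id(true);  // fresh session id for the new login
        $_SESSION['user_id'] = $userId;
        issueRememberMe($userId, $_SERVER, $persistentLogins);  // rotate the token
    } else {
        // Invalid or stale cookie: clear it on the client.
        setcookie(REMEMBER_COOKIE, '', ['expires' => time() - 3600, 'path' => '/']);
    }
}
```

The selector/validator split means the database lookup is by a non-secret key and the secret part is compared only through `hash_equals()` on its hash, so a leaked table does not yield usable cookies. Rotating the token on every successful use limits how long a copied cookie stays valid, which is the mitigation the answer refers to when it says the risk can be reduced but not removed.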