且构网

Why encrypt query strings in ASP.NET?

Updated: 2022-11-07 21:12:08

A reason why you might do something like this is to prevent tampering with the URL to get access to data other than your own. For example, if you have the URL:

http://foo.com/user.aspx?user_id=123

it wouldn't be hard for me (or anyone) to change that to:

http://foo.com/user.aspx?user_id=124

If your data access strategy relies entirely on what's in the query string, that could allow unauthorized access to data.

This approach does serve that purpose correctly, but a more robust way to get there is to actively check authorization within the application, and never rely exclusively on the URL for authentication and/or authorization purposes.

Note that this has nothing to do with SSL - that ensures privacy between the browser and server, but you can be under a perfectly secure connection and still tamper with the URL.
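The authorization check described above, as an added example that is not part of the original answer: a C# console program that loads a record first from the URL alone and then after comparing `user_id` with the authenticated identity. The names `UserPageDemo`, `LoadFromUrlOnly`, `LoadWithAuthorization`, the `Admin` role and the in-memory `Profiles` table are assumptions made for illustration; the two URLs are the ones used above.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Web; // HttpUtility.ParseQueryString

static class UserPageDemo
{
    // Constructed sample records standing in for the data behind user.aspx.
    static readonly Dictionary<int, string> Profiles = new Dictionary<int, string>
    {
        { 123, "profile of user 123" },
        { 124, "profile of user 124" },
    };

    // Trusts the URL alone: whoever edits user_id gets that user's record.
    static string LoadFromUrlOnly(Uri url)
    {
        int id = int.Parse(HttpUtility.ParseQueryString(url.Query)["user_id"]);
        return Profiles[id];
    }

    // Compares the requested id with the authenticated identity, which the
    // server establishes itself (auth cookie, session), so an edited URL is refused.
    static string LoadWithAuthorization(ClaimsPrincipal caller, Uri url)
    {
        string raw = HttpUtility.ParseQueryString(url.Query)["user_id"];
        if (!int.TryParse(raw, out int requested) || !Profiles.ContainsKey(requested))
            return "404 Not Found";
        string own = caller.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        bool allowed = caller.Identity?.IsAuthenticated == true
                       && (own == requested.ToString() || caller.IsInRole("Admin"));
        return allowed ? Profiles[requested] : "403 Forbidden";
    }

    static void Main()
    {
        // Assumption: user 123 is signed in; the identity never comes from the URL.
        var caller = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, "123") }, "Cookies"));
        var own = new Uri("http://foo.com/user.aspx?user_id=123");
        var tampered = new Uri("http://foo.com/user.aspx?user_id=124");

        Console.WriteLine(LoadFromUrlOnly(tampered));               // edited URL, no check
        Console.WriteLine(LoadWithAuthorization(caller, own));      // caller's own record
        Console.WriteLine(LoadWithAuthorization(caller, tampered)); // edited URL, with check
    }
}
```

The same comparison applies whether or not the query string is also encrypted, and it is unaffected by whether the request arrived over SSL.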