19 行
986 B
Markdown
19 行
986 B
Markdown
# 会话实验
|
|
|
|
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
|
|
|
|
## 范围元数据
|
|
|
|
| 字段 | 内容 |
|
|
|------|------|
|
|
| 适用目标类型 | `lab-local`, `lab-public`, `authorized-third-party` |
|
|
| 是否允许公网验证 | 允许,但只做 Cookie / Storage / Header 边界检查 |
|
|
| 推荐最小化验证 | 读取响应头、Cookie 属性、DOM 中的存储 API 使用痕迹 |
|
|
| 禁止场景 | 真实账户会话接管、窃取真实令牌、对第三方浏览器会话做持久利用 |
|
|
|
|
## 当前内容
|
|
|
|
- 工具: [session-lab.py](/Users/x/websafe/03-authentication/session/tools/session-lab.py)
|
|
- 关联系统: [frameworks/README.md](/Users/x/websafe/07-framework-security/frameworks/README.md), [platforms/README.md](/Users/x/websafe/07-framework-security/platforms/README.md)
|
|
- 修复主题: [token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md), [proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
|