How to pass encrypted data via browser (HTML5) ses

2019-07-11 06:03发布

I am trying to pass encrypted data via a browser/client session variable - not to be confused with server-side session variable:

encrypt:

var encrypted_user_id = CryptoJS.AES.encrypt(user_id, cipher_pass);
var encrypted_user_password = CryptoJS.AES.encrypt(password, cipher_pass);

sessionStorage.setItem('user_id', encrypted_user_id);
sessionStorage.setItem('user_password', encrypted_user_password);

decrypt:

var encrypted_user_id = sessionStorage.getItem('user_id');
var encrypted_user_password = sessionStorage.getItem('user_password');

var plaintext_user_id = CryptoJS.AES.decrypt(encrypted_user_id, cipher_pass).toString(CryptoJS.enc.Utf8);
var plaintext_user_password = CryptoJS.AES.decrypt(encrypted_user_password, cipher_pass).toString(CryptoJS.enc.Utf8);

There is no error, but the plaintext is empty string.

If I perform the exact same encryption/decryption using variables instead of sessionStorage it works fine.

What am I not understanding? Is there something about session variables that is different than a local variable?

标签： javascript html5 encoding session-variables cryptojs

1条回答

该账号已被封号

2楼-- · 2019-07-11 06:54

So I've made a fiddle to test it out. And I think the problem (although in fairness your original code seemed to work for me too) is that for the encryption you should do this instead:

var encrypted_user_id = CryptoJS.AES.encrypt(user_id, cipher_pass).toString();

Why? Without the to string, you're storing an object that JSON can't serialize, so when you're getting your object back from session storage you're getting back something different than you intended.

0人赞添加讨论(0) 举报

How to pass encrypted data via browser (HTML5) ses

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间