WordPress:WordPress Cookies
WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
WordPress 使用cookies, 或者说是小的信息储存在你的电脑中,来验证你是谁。有登陆的cookies,也有发表评论用的cookies。
Users
Users are those people who have registered an account with the WordPress blog in question.
用户
用户是那些已经注册一个帐户,拥有WordPress blog的人。
When you log into WordPress from http://example.com/wp-login.php, WordPress stores the following two cookies:
- Your user name
- A double-hashed copy of your password
The cookies are set to expire one year from the time they are set.
当你从http://example.com/wp-login.php登陆WordPress时,WordPress储存了如下两个cookies:
- 你的用户名
- 加密过的密码副本
The cookies are set to expire one year from the time they are set.
The actual cookies contain hashed data, so you don't have to worry about someone gleaning your username and password by reading the cookie data. A hash is the result of a specific mathematical formula applied to some input data (in this case your user name and password, respectively). It's quite hard to reverse a hash (bordering on practical infeasibility with today's computers). This means it is very difficult to take a hash and "unhash" it to find the original input data.
cookies 设置成从建立之日起一年后失效。
实际上cookies包括加密的 数据, 所以你不用担心有人通过阅读cookie发现你的用户名和密码。 加密是一种特殊的数学算法的结果,应用于某种输入数据 (本文中是你的用户名和密码)。很难将一个加密过的内容反转成文本 (使用现有的电脑进行过实践的可行性)。这意味这它很难"反加密" 得到原始输入数据。
WordPress uses the two cookies to bypass the password entry portion of wp-login.php. If WordPress recognizes that you have valid, non-expired cookies, you go directly to the WordPress Administration interface. If you don't have the cookies, or they're expired, or in some other way invalid (like you edited them manually for some reason), WordPress will require you to log in again, in order to obtain new cookies.
WordPress使用两种cookies来隐藏wp-login.php的密码输入部分。如果 WordPress 认为你是合法的,没有过期的cookies,你可以直接进入WordPress 管理界面。如果你没有这个cookies,或者是已经过期,或者其他原因而导致不合法的话,(如你手动编辑过它们),WordPress 将会要求你重新登陆以获得新的cookies。
The functions to set and remove cookies are currently defined in /wp-includes/pluggable-functions.php.
- wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '')
- This function sets the cookie.
- wp_clearcookie()
- This function will delete the cookie from the client browser. This happens when the user clicks on the Logout link in the Administration interface.
The following function also utilizes the cookies:
- auth_redirect()
- Checks whether the cookie is present on the client browser. If it is not, the user is sent to the wp-login.php login screen. After logging in, the user is sent back to the page he or she attempted to access.
设置和移动cookies的函数目前定义在 /wp-includes/pluggable-functions.php文件内。
- wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '')
- 这个函数设置cookie.
- wp_clearcookie()
- 这个函数会从客户浏览器中删除cookie。当用户点击管理界面中的Logout链接时执行。
下面几种函数也用到cookies:
- auth_redirect()
- 查看cookie是否应用在客户端浏览器中。如果没有,用户就会被链接到wp-login.php登陆界面。在登陆之后,用户可以回到刚才想进入的页面。
Commenters
When visitors comment on your blog, they too get cookies stored on their computer. This is purely a convenience, so that the visitor won't need to re-type all their information again when they want to leave another comment. Three cookies are set for commenters:
- comment_author
- comment_author_email
- comment_author_url
Again, all the data in the cookies is stored hashed. When the visitor returns to your blog, WordPress checks for the existence of their cookie, and then tries to compare their hashed data with the values stored in the WordPress database.
The commenter cookies are set to expire a little under one year from the time they're set.
评论者
当访问者在你的blog上留下评论时,他们也会存储cookies到他们的电脑上。 这非常方便,这样当访问者想留下另外一个评论的时候,不需要重新输入他们所有的信息。有三个cookies是关于评论者的:
- comment_author
- comment_author_email
- comment_author_url
所有存储在cookies中的数据都是经过加密的。当访问者返回你的blog时, WordPress 查看他们的cookie是否存在,然后试着用储存在WordPress数据库中的数据与加密过的信息比较。
评论者cookies设置成略少于一年的时间过期。