WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.

WordPress 使用cookies, 或者說(shuō)是小的信息儲(chǔ)存在你的電腦中，來(lái)驗(yàn)證你是誰(shuí)。有登陸的cookies，也有發(fā)表評(píng)論用的cookies。

Users

Users are those people who have registered an account with the WordPress blog in question.

用戶

用戶是那些已經(jīng)注冊(cè)一個(gè)帳戶，擁有WordPress blog的人。

When you log into WordPress from http://example.com/wp-login.php, WordPress stores the following two cookies:

• Your user name
• A double-hashed copy of your password

The cookies are set to expire one year from the time they are set.

當(dāng)你從http://example.com/wp-login.php登陸WordPress時(shí)，WordPress儲(chǔ)存了如下兩個(gè)cookies:

• 你的用戶名
• 加密過(guò)的密碼副本

The cookies are set to expire one year from the time they are set.

The actual cookies contain hashed data, so you don't have to worry about someone gleaning your username and password by reading the cookie data. A hash is the result of a specific mathematical formula applied to some input data (in this case your user name and password, respectively). It's quite hard to reverse a hash (bordering on practical infeasibility with today's computers). This means it is very difficult to take a hash and "unhash" it to find the original input data.

cookies 設(shè)置成從建立之日起一年后失效。

實(shí)際上cookies包括加密的 數(shù)據(jù), 所以你不用擔(dān)心有人通過(guò)閱讀cookie發(fā)現(xiàn)你的用戶名和密碼。 加密是一種特殊的數(shù)學(xué)算法的結(jié)果，應(yīng)用于某種輸入數(shù)據(jù) (本文中是你的用戶名和密碼)。很難將一個(gè)加密過(guò)的內(nèi)容反轉(zhuǎn)成文本 (使用現(xiàn)有的電腦進(jìn)行過(guò)實(shí)踐的可行性)。這意味這它很難"反加密" 得到原始輸入數(shù)據(jù)。

WordPress uses the two cookies to bypass the password entry portion of wp-login.php. If WordPress recognizes that you have valid, non-expired cookies, you go directly to the WordPress Administration interface. If you don't have the cookies, or they're expired, or in some other way invalid (like you edited them manually for some reason), WordPress will require you to log in again, in order to obtain new cookies.

WordPress使用兩種cookies來(lái)隱藏wp-login.php的密碼輸入部分。如果 WordPress 認(rèn)為你是合法的，沒(méi)有過(guò)期的cookies，你可以直接進(jìn)入WordPress 管理界面。如果你沒(méi)有這個(gè)cookies，或者是已經(jīng)過(guò)期，或者其他原因而導(dǎo)致不合法的話，(如你手動(dòng)編輯過(guò)它們)，WordPress 將會(huì)要求你重新登陸以獲得新的cookies。

The functions to set and remove cookies are currently defined in /wp-includes/pluggable-functions.php.

wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '')

This function sets the cookie.

wp_clearcookie()

This function will delete the cookie from the client browser. This happens when the user clicks on the Logout link in the Administration interface.

The following function also utilizes the cookies:

auth_redirect()

Checks whether the cookie is present on the client browser. If it is not, the user is sent to the wp-login.php login screen. After logging in, the user is sent back to the page he or she attempted to access.

設(shè)置和移動(dòng)cookies的函數(shù)目前定義在 /wp-includes/pluggable-functions.php文件內(nèi)。

wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '')

這個(gè)函數(shù)設(shè)置cookie.

wp_clearcookie()

這個(gè)函數(shù)會(huì)從客戶瀏覽器中刪除cookie。當(dāng)用戶點(diǎn)擊管理界面中的Logout鏈接時(shí)執(zhí)行。

下面幾種函數(shù)也用到cookies:

auth_redirect()

查看cookie是否應(yīng)用在客戶端瀏覽器中。如果沒(méi)有，用戶就會(huì)被鏈接到wp-login.php登陸界面。在登陸之后，用戶可以回到剛才想進(jìn)入的頁(yè)面。

Commenters

When visitors comment on your blog, they too get cookies stored on their computer. This is purely a convenience, so that the visitor won't need to re-type all their information again when they want to leave another comment. Three cookies are set for commenters:

• comment_author
• comment_author_email
• comment_author_url

Again, all the data in the cookies is stored hashed. When the visitor returns to your blog, WordPress checks for the existence of their cookie, and then tries to compare their hashed data with the values stored in the WordPress database.

The commenter cookies are set to expire a little under one year from the time they're set.

評(píng)論者

當(dāng)訪問(wèn)者在你的blog上留下評(píng)論時(shí)，他們也會(huì)存儲(chǔ)cookies到他們的電腦上。 這非常方便，這樣當(dāng)訪問(wèn)者想留下另外一個(gè)評(píng)論的時(shí)候，不需要重新輸入他們所有的信息。有三個(gè)cookies是關(guān)于評(píng)論者的:

• comment_author
• comment_author_email
• comment_author_url

所有存儲(chǔ)在cookies中的數(shù)據(jù)都是經(jīng)過(guò)加密的。當(dāng)訪問(wèn)者返回你的blog時(shí)， WordPress 查看他們的cookie是否存在，然后試著用儲(chǔ)存在WordPress數(shù)據(jù)庫(kù)中的數(shù)據(jù)與加密過(guò)的信息比較。

評(píng)論者cookies設(shè)置成略少于一年的時(shí)間過(guò)期。

References

• Wikipedia: Cookies
• Netscape cookie specification
• RFC2965
• PHP cookie documentation

參考

• Wikipedia: Cookies
• Netscape cookie 說(shuō)明
• RFC2965
• PHP cookie 文檔