Not container managed SSL login with following non secure operations

D Rog
Ranch Hand

Joined: Feb 07, 2004
Posts: 472

It's easy to set up in the container; however, for some reason my servlet should do the authentication. Is the session cookie set as secure? If not, it should work, right?


David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Session cookies are stored in the HTTP header and are encrypted, but if you're looking at a mixture of encrypted and non-encrypted traffic this won't matter. You will want to make sure the domain set in the cookie is the same for both the SSL and non-SSL traffic; otherwise the user will be authenticated with a cookie valid for the SSL domain, but the cookie will not be sent when they move to the non-SSL domain.

Dave
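
The cookie scoping discussed in this thread, as an added example that is not part of the original posts: a plain-Java model of whether a browser returns a session cookie set during an SSL login to a later plain-HTTP request, based on the `Secure` flag and the `Domain` attribute. The host names, the `SessionCookieScope` class and its helpers are constructed for illustration, and cookie `Path` matching is left out.

```java
import java.net.URI;
import java.util.Locale;

public class SessionCookieScope {
    /** Constructed cookie model; domainAttr == null means no Domain attribute was set. */
    static final class Cookie {
        final String label, originHost, domainAttr;
        final boolean secure;
        Cookie(String label, String originHost, String domainAttr, boolean secure) {
            this.label = label; this.originHost = originHost;
            this.domainAttr = domainAttr; this.secure = secure;
        }
    }

    /** RFC 6265 domain-match for host names (IP-address hosts are not handled here). */
    static boolean domainMatches(String host, String domain) {
        String h = host.toLowerCase(Locale.ROOT);
        String d = domain.toLowerCase(Locale.ROOT);
        if (d.startsWith(".")) d = d.substring(1);   // a leading dot is ignored
        return h.equals(d) || h.endsWith("." + d);
    }

    /** True if a browser would attach the cookie to a request for target (Path ignored). */
    static boolean isSent(Cookie c, URI target) {
        boolean https = "https".equalsIgnoreCase(target.getScheme());
        if (c.secure && !https) return false;        // Secure: HTTPS requests only
        if (c.domainAttr == null)                    // host-only: exact host that set it
            return target.getHost().equalsIgnoreCase(c.originHost);
        return domainMatches(target.getHost(), c.domainAttr);
    }

    public static void main(String[] args) {
        // Constructed scenario: login over SSL, then a plain-HTTP page.
        URI page = URI.create("http://www.example.com/app/orders");
        Cookie[] cases = {
            new Cookie("same host, no Domain, not Secure", "www.example.com", null, false),
            new Cookie("SSL host differs, no Domain", "secure.example.com", null, false),
            new Cookie("SSL host differs, Domain=example.com", "secure.example.com", "example.com", false),
            new Cookie("Domain=example.com, Secure", "secure.example.com", "example.com", true),
        };
        for (Cookie c : cases)
            System.out.printf("%-40s sent to %s: %b%n", c.label, page, isSent(c, page));
    }
}
```

Any cookie this model reports as sent to the `http://` URL travels unencrypted on that request.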
 