Not container managed SSL login with following non secure operations

 
D Rog
It's easy to set up in the container; however, for some reason my servlet should do authentication. Is the session cookie set as secure? If not, it should work, right?
 
David O'Meara
Session cookies are stored in the HTTP header and are encrypted, but if you're looking at a mixture of encrypted and non-encrypted traffic this won't matter. You will want to make sure the domain set in the cookie is the same for both the SSL and non-SSL traffic; otherwise, the user will be authenticated with a cookie valid for the SSL domain, but the cookie will not be sent when they move to the non-SSL domain.

Dave
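
The two conditions raised in this thread (the cookie's Secure attribute and its domain), as an added sketch that is not part of either post: a simplified model of the RFC 6265 checks a browser makes before sending a cookie, which also flags when the session id would travel over plain HTTP unencrypted. The host names are constructed, and path matching and IP-address hosts are left out.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    set_by_host: str               # host that answered the login request
    domain: Optional[str] = None   # Domain attribute; None = host-only cookie
    secure: bool = False           # Secure attribute


def domain_matches(cookie: Cookie, host: str) -> bool:
    host = host.lower()
    if cookie.domain is None:      # host-only: exact host match required
        return host == cookie.set_by_host.lower()
    d = cookie.domain.lower().lstrip(".")
    return host == d or host.endswith("." + d)


def browser_sends(cookie: Cookie, url: str) -> bool:
    parts = urlsplit(url)
    if cookie.secure and parts.scheme != "https":
        return False               # Secure cookies never go over plain HTTP
    return domain_matches(cookie, parts.hostname or "")


def sent_in_clear(cookie: Cookie, url: str) -> bool:
    # True when the session id would cross the network unencrypted.
    return urlsplit(url).scheme == "http" and browser_sends(cookie, url)


# Constructed scenario: login on one host over SSL, then plain HTTP elsewhere.
LOGIN_HOST = "login.example.test"
HTTP_URL = "http://www.example.test/account"
HTTPS_URL = "https://www.example.test/account"

host_only = Cookie("JSESSIONID", LOGIN_HOST)
shared = Cookie("JSESSIONID", LOGIN_HOST, domain="example.test")
shared_secure = Cookie("JSESSIONID", LOGIN_HOST, domain="example.test", secure=True)

if __name__ == "__main__":
    for label, c in [("host-only", host_only), ("shared", shared),
                     ("shared+Secure", shared_secure)]:
        print(f"{label:14} http sent={browser_sends(c, HTTP_URL)} "
              f"clear={sent_in_clear(c, HTTP_URL)} https sent={browser_sends(c, HTTPS_URL)}")
```
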
 