I work on web application that's built on Struts framework and deployed in Websphere Application Server 6.1 [ND].
There's a requirement to exchange digitally signed cookie between the browser to server access.. Would like to know if we could configure the WAS to exchange digitally signed / hashed cookie or is to be done via the Java code by implementing some Servlet filters.. ?
Find that the we can configure Secure cookies -- Enabling the feature restricts the exchange of cookies to HTTPS sessions only. [ i understand that the cookie is encrypted and sent over the secure layer (SSL) ]. Does it include a digital signature when using secure cookies.. ?
Request some insights on the understanding and ideas on how this can be implemented.
subject: Configuring Digitally signed cookie in WAS 6.1