• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

https and cookies

 
Ranch Hand
Posts: 8945
Firefox Browser Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does https require cookie to be enabled?
 
author
Posts: 11962
5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, you don't need to have cookies enabled.
 
Author
Posts: 80
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The way to look at HTTP and HTTPS is that HTTP is usually inplemented on top of TCP/IP whereas HTTPS is over SSL (which itself is a layer over TCP/IP). So, nothing is different in HTTPS data packets than HTTP packets. Also, once the connection is established, the processing of data packets remain the same.
This has many consequences -- (i) HTTP authentication mechanism (Basic and Digest) can be applied over HTTPS as well. In fact, I really like the idea of Basic authentication over HTTPS. (ii) You can continue to have HTTP level compression, chunking etc. of data. (iii) Things like cookies continue to work. Besides these, many more properties of HTTP continue to be valid for HTTPS.
 
author
Posts: 3252
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One crucial difference is that with HTTPS, the server can use the SSL session for session tracking (i.e., keeping track of your HttpSession). With plain old HTTP, the server needs to use a temporary cookie or URL rewriting.
- Peter
 
Pankaj Kr
Author
Posts: 80
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Peter den Haan:
One crucial difference is that with HTTPS, the server can use the SSL session for session tracking (i.e., keeping track of your HttpSession). With plain old HTTP, the server needs to use a temporary cookie or URL rewriting.
- Peter


This is certainly a possibility. However, most of the Java Web Container applications do not make use of HTTPS Session information for user level session tracking. One reason is that the code doing the session tracking is usually at a higher layer and same for both HTTP and HTTPS. Also, persistent cookie based session can survive a browser close whereas HTTPS based sessions cannot. There are also some interesting corner cases when a user creates a new Browser (by clicking Ctrl-N in IE) in the middle of a session.
 
Pradeep bhatt
Ranch Hand
Posts: 8945
Firefox Browser Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a requirement where I need to switch from secure to non secure to secure and so on. Which session handling method is appropriate ?
 
Ranch Hand
Posts: 231
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Pradeep Bhat:
I have a requirement where I need to switch from secure to non secure to secure and so on. Which session handling method is appropriate ?


Probably, using persistent cookie based sessions will be the best solution for that case.
Anyway, switching from secure to non secure pages many times could result a bit uncomfortable for users as they receive too many warning messages from the browser.
 
You don't like waffles? Well, do you like this tiny ad?
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic