right now, I'm building a simple login for my web service. I'm still confused about several things:
1. do cookies deemed to be unRESTful?
2. when using https, do we have to pay to the organization (forgot the name) for a certificate? no free version of this?