[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-ssl]cu|| A doubt about HTTPS protocol and sessions



Hello everybody!

I have a doubt:  are all the data sent using HTTPS protocol secure? I
mean...if I send a cookie (that is an header of the request) using a HTTPS
connection is it crypted or not? If it isn't crypted and so it is sent in
plain text it could be read from everyone, included the users that isn't
directed to!!!  The problem is that sessions are implemented above all
through cookies and I would like to be able to store important information
in a session (like password and so on): if a cookie could be read easily it
would be very dangerous to store important information in it, am I right?

What happen if instead of using cookies to implement sessions I use
url-rewriting mechanism? In fact in this case all the information stored in
a session are not sent through cookies but they are encoded in the url (like
the session-id): so if I use HTTPS protocol (so I use an url of the type
"https://www.mydomanin.com/mysite.html?param1=value1&param2=value2&..."; are
all the information encoded in the url protected and secure (because they
are encrypted)? Or they are sent in plain text in any case?


Thanks for your help in advance!


Regards,

                    Luca

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl