Anish Chandran
Reputation: 447
cookie passing over HTTPS connection
I read many articles cookies are passed over HTTPS connection is encrypted. I checked with my application, its having SSL connection, but i can read cookie information from request headers. Is anything done for cookie encryption in HTTPS connection?
Upvotes: 2
Views: 255
Answers (1)
Marco A. Hernandez
Reputation: 821
HTTPS encrypts the entire session, headers included. But notice that SSL (TLS in fact) works over the Transport Layer. If you are reading the cookies from the Application Layer (for example using javascript or a java servlet to get the HTTP request) the content will be already unencrypted.
See Does SSL also encrypt cookies?
Upvotes: 2
Related Questions
- Reading cookies via HTTPS that were set using HTTP
- HTTP Cookies and Ajax requests over HTTPS
- Secure Cookies on http requests
- Sending cookies over HTTPS but HTML over HTTP
- HttpsURLConnection and Cookies
- Loosing cookie when swich from http to https
- Passing Cookies from Java to Browser
- Cookie security when passed over SSL
- Cookie across HTTP and HTTPS in PHP
- Is a cookie secure in a HTTPS connection?