I understand how SSL works, so the browser sends the username/password encrypted. But what happens next?
Does the client receive a cookie? Is it secure? How do the server and browser communicate safely if the only HTTPS page is the login page?
I think if someone gets a copy of that cookie while it's being sent, they can access that account, no matter how encrypted the cookie is.
Actually I want to understand the process from login to logout in a secure web application.
Server: Tomcat, Apache ... Platform: java, php, ...
Thank you
If anyone else trips onto this: I found this Wikipedia article on Session Fixation and this SO question more useful in answering this question than the 90+ minute podcast from GRC (noted above), which is mostly related to SSL/TLS.
Episode 195 of the Security Now podcast deals with this topic in some depth. http://www.grc.com/securitynow.htm You can either scan the transcript (which I would recommend doing first, in order to find out whether it answers your questions) or listen to the whole episode.
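The question asks what happens to the cookie after the HTTPS login, and the comment above names session fixation; the Python sketch below is an added illustration of the defensive session lifecycle (fresh id at login, Secure/HttpOnly cookie flags, server-side invalidation at logout), not code from either answer or from Tomcat/PHP. The cookie name JSESSIONID, the 30-minute lifetime and the in-memory store are assumptions.

```python
import secrets
import time

SESSION_TTL = 1800          # assumed: 30-minute idle lifetime
COOKIE_NAME = "JSESSIONID"  # assumed: Tomcat's default session cookie name

class SessionStore:
    """Server-side session table; stands in for what Tomcat or PHP keep in memory."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": str | None, "expires": float}

    def create(self, user=None):
        # 256 bits from the OS CSPRNG: an id that cannot be guessed or enumerated.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": time.time() + SESSION_TTL}
        return sid

    def login(self, old_sid, username):
        # Rotate the id on authentication. Whatever id the browser carried before
        # login (possibly planted by an attacker: session fixation) is dropped, so
        # only the id issued inside this HTTPS response identifies the user.
        self._sessions.pop(old_sid, None)
        return self.create(username)

    def user_for(self, sid):
        entry = self._sessions.get(sid)
        if entry is None or entry["expires"] < time.time():
            self._sessions.pop(sid, None)
            return None
        return entry["user"]

    def logout(self, sid):
        # Invalidate server-side; a copied cookie is useless once the entry is gone.
        self._sessions.pop(sid, None)

def session_cookie(sid):
    # Secure: never sent over plain http, so it cannot be sniffed on a non-TLS page.
    # HttpOnly: page scripts cannot read it. SameSite: not sent on cross-site requests.
    return f"{COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"

def browser_would_send(set_cookie, scheme):
    # Models the rule the question hinges on: a Secure cookie is withheld from http
    # URLs. If only the login page is https, this cookie never reaches the http pages,
    # so the site must either be https throughout or expose the cookie in the clear.
    attrs = {a.strip().lower() for a in set_cookie.split(";")[1:]}
    return scheme == "https" or "secure" not in attrs
```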