A review of SO doesn't categorically answer this question. It could be implied, but I would like to get it on the record specifically.
If SSL is active, will it encrypt HTTP header data like "Set-Cookie"? I know about "setSecure" to only transmit cookies if HTTPS is active, but if SSL is active I would like to confirm whether all header data is encrypted by default without the need to use "setSecure".
Data sent over SSL (HTTPS) is fully encrypted, headers included (hence cookies), only the Host you are sending the request to is not encrypted. It also means that the GET request is encrypted (the rest of the URL).
I understand, we use SSL to encrypt sensitive data like user name and password to be transported to the server without people on the network eavesdropping. So then the server returns a secure token over HTTPS and it's stored in a cookie.
SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications.
Cookies are sent within the HTTP header. Thus they are as secure as the HTTPS connection, which depends on a lot of SSL/TLS parameters like cipher strength or length of the public key. Please keep in mind that unless you set the Secure flag for your Cookie, the Cookie can be transmitted over an insecure HTTP connection.
Although an attacker could force a client to respond over HTTP, so it is highly recommended to use the "Secure" flag in your cookie, which enforces the use of HTTPS to send cookies.
Also, using the HttpOnly flag would greatly enhance the security of your site since it does not allow cookies to be read with JavaScript code (mitigating potential XSS vulnerabilities).
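As an added example (not code from any of the answers above), a small Python audit that parses Set-Cookie header values and reports cookies that lack the Secure or HttpOnly attribute discussed in this answer; the header values are constructed samples, and the builder shows a session cookie emitted with both flags.

```python
"""Audit Set-Cookie headers for the Secure and HttpOnly attributes."""
from typing import Dict, List, Tuple


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, object]]:
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are matched case-insensitively, as browsers do; flag
    attributes (Secure, HttpOnly) map to True, valued ones to their value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_cookie(header: str) -> List[str]:
    """Return findings for one Set-Cookie header (an empty list means fine)."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (may be sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (readable via document.cookie)")
    return findings


def build_session_cookie(name: str, value: str) -> str:
    """Build a Set-Cookie header for a session token with both flags set."""
    return f"{name}={value}; Path=/; Secure; HttpOnly"


# Constructed sample headers, as a server might emit after login.
SAMPLE_HEADERS = [
    "session=abc123; Path=/",                    # neither flag
    "session=abc123; Path=/; Secure",            # Secure only
    "session=abc123; Path=/; secure; httponly",  # both, lowercase spelling
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h, "->", audit_cookie(h) or "ok")
    print(build_session_cookie("session", "abc123"))
```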