If you set this property to true, your cookie will be sent over an HTTP/SSL (https) connection. What it means is that every value to be stored in this cookie are encrypted before being sent on the network. This way, any malicious third party who are *sniffing* the network can't read the values to be stored in this cookie. You should only use it if you store sensible information in the cookie that you don't want anyone to intercept. But be warned that the cookie can still be accessed by the client, so it isn't the best place to store password unless you use encrypted values. Cookie.setSecure() only encrypt data sent on the network wich are decrypted by the client when they are received. It doesn't encrypt the values stored on the client. You have to do it yourself.
On 12/13/05, Deepa Khetan <[EMAIL PROTECTED]> wrote: > Hi!! > I am not geting any help from net about this issue. So, postin this question > on this group. > I want to know exactly what difference does it make if i set > Cookie.setSecure(true)?? I am using SSL in my application. What are the > advantages or disadvantages of doing it from security point of view. > > Please help > > Deepa > > -- Alexandre Poitras Québec, Canada --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
