Using "Spring-Security".

I have a scenario where "Remember Me, Single Session (only one session will be created per user, by setting session-fixation-protection="migrateSession") and Encrypt Cookie with HTTP (not HTTPS)" should be implemented in the same application. I have done configurations for this, but I have successfully configured "Remember Me and Single Session". But with this I want to encrypt the cookie also.

When we inspect the "Network" section using the debug tools in the browser, the cookie part shows "Cookie: JSESSIONID=". Instead of this, it should be encrypted and should not show any information like "JSESSIONID". Can we implement this? If yes, please tell me how to do this.

Thank You.

user3515080
  • The answer is basically "no", and even if you could it would most likely not achieve anything useful. If you want to secure your session information from network eavesdropping then you should always use HTTPS. You should probably explain in your question why you want to do this, though, and what you think it would achieve. – Shaun the Sheep May 28 '14 at 14:30
  • @LukeTaylor, can you please suggest what will be done for cookie encryption without "HTTPS"? Is it possible? – user3515080 May 29 '14 at 10:24

0 Answers