I understand how ssl works, so the browser sends the username / password encrypted. But what will happen next?
Does the client receive cookies? It is safe? How securely does a browser-browser interface work if the only https page is the login page?
I think that if someone receives a copy of this cookie when it is sent, he will be able to access this account, regardless of how the cookie is encrypted
Actually, I want to understand the login process for entering a secure web application.
Server: tomcat, apache ... platform: java, php, ...
thank
source
share