Spring authentication, does it use encrypted cookies?

Question

Spring authentication, does it use encrypted cookies?

Does the Spring Framework (or in one of its supported options) use encrypted cookies that store registered userId users in cookies?

This is how ASP.NET authentication works, where it encrypts the value in the cookie, which is usually the user ID or user.

Is this what Spring is doing? (I understand that Spring allows you to choose, but is this the most common approach overall?)

+3

java spring

mrblah Jan 15 '10 at 3:50

source share

2 answers

matt b · Answer 1 · 2010-01-15T05:05:53+0000

I have no source to prove this, but the answer to the question is no.

Spring . cookie - JSESSIONID, / ( , ).

, cookie, .

cletus · Answer 2 · 2010-01-15T03:55:07+0000

, , . , , - , ( , , ), , , .

, , "". . FAQ (03/10: ):

, practical cryptanalysis'': the enemy doesn't have to just stare at your ciphertext until he figures out the plaintext. For instance, he might assume cribs '' --- . , , . "" --- , . , , , .

- Java , , . .

Spring authentication, does it use encrypted cookies?

More articles: