Secure Cookies

Tutorial Overview. This tutorial will guide you through the steps required to set up secure cookies. To complete this tutorial you need to have an understanding of Java servlets and Tomcat. This tutorial is divided into three sections. The first section is a brief overview of cookies and the resources used. The second section will cover the installation and configuration of Tomcat, an application server used to serve the Java servlet. The final section will cover the creation and use of a cookie, written in Java. This tutorial is used in IS2771 Security in E-Commerce.

Cookies. Cookies are a facility that lets a server send information to a client, where it is stored on the client's machine so that the server can retrieve it on a later request. Cookies travel in the HTTP headers, and when the connection uses HTTPS they have decent security. A significant problem with cookies is that a user can turn them off, so as a developer you cannot assume that state information is always available. A cookie's value is normally an ID that the server uses to query a database for the detailed information. To improve the security of a cookie, the value it holds should always be encrypted before being sent to the client, and the encrypted value should be Base64 encoded before it is transmitted. In addition to encryption, the data should only be sent over a secure connection.

Java Servlets. Java servlets support the use of cookies through the ServletResponse and ServletRequest interfaces. The response interface has a setCookie(cookie) method, which sets values for the cookie. The request interface has a getCookie() method, which will return a cookie.
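The following servlet is an added example, not code from this tutorial, that puts the two preceding sections together: it encrypts the cookie's ID value with AES-GCM, Base64-encodes the result, marks the cookie Secure and HttpOnly so it is only sent over HTTPS, and on the next request decodes, verifies and decrypts it. It uses the actual servlet API method names, HttpServletResponse.addCookie(Cookie) and HttpServletRequest.getCookies(), and assumes the Servlet API (javax.servlet) is on the classpath, as it is under Tomcat. The cookie name "uid", the sample ID "42" and the per-JVM key generation are assumptions for illustration.

```java
// Added example (not part of the tutorial): a servlet that issues and reads an
// encrypted, Base64-encoded, Secure/HttpOnly cookie. Assumes javax.servlet on
// the classpath (Tomcat provides it).
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SecureCookieServlet extends HttpServlet {
    private static final String COOKIE_NAME = "uid";   // assumed cookie name
    private static final int IV_BYTES = 12;            // 96-bit nonce for GCM
    private static final int TAG_BITS = 128;           // authentication tag size
    private static final SecureRandom RNG = new SecureRandom();
    // Assumption for the example: a fresh key per JVM start. A real deployment
    // would load a persistent key from a keystore so cookies survive restarts.
    private static final SecretKey KEY = newKey();

    private static SecretKey newKey() {
        try {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(256);
            return kg.generateKey();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /** Encrypt a plaintext value; returns Base64url(iv || ciphertext || tag). */
    static String seal(SecretKey key, String plaintext) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv);                               // unique nonce per cookie
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        // URL-safe alphabet without padding: no ';', ',', '=', '+' or '/' in the value
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    /** Decode and decrypt; returns null if the value is malformed or was tampered with. */
    static String open(SecretKey key, String encoded) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(encoded);
            if (in.length < IV_BYTES + TAG_BITS / 8) return null;   // too short to be ours
            GCMParameterSpec spec = new GCMParameterSpec(TAG_BITS, in, 0, IV_BYTES);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, spec);
            byte[] pt = c.doFinal(in, IV_BYTES, in.length - IV_BYTES);
            return new String(pt, StandardCharsets.UTF_8);
        } catch (Exception e) {
            return null;   // bad Base64 or GCM tag mismatch: treat as no cookie
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String userId = null;
        Cookie[] cookies = req.getCookies();   // null when the client sent no cookies
        if (cookies != null) {
            for (Cookie ck : cookies) {
                if (COOKIE_NAME.equals(ck.getName())) {
                    userId = open(KEY, ck.getValue());
                }
            }
        }
        resp.setContentType("text/plain");
        if (userId != null) {
            resp.getWriter().println("Welcome back, user " + userId);
            return;
        }
        // First visit, or an invalid cookie: issue a fresh encrypted one.
        String newId = "42";   // constructed sample ID; normally a database key
        try {
            Cookie ck = new Cookie(COOKIE_NAME, seal(KEY, newId));
            ck.setSecure(true);     // browser sends it only over HTTPS
            ck.setHttpOnly(true);   // not readable from page scripts
            ck.setPath("/");
            ck.setMaxAge(3600);     // one hour, in seconds
            resp.addCookie(ck);
            resp.getWriter().println("Cookie issued");
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }
}
```

The Base64 step uses the URL-safe alphabet without padding so the encoded ciphertext contains none of the characters that cookie syntax reserves. Because GCM authenticates as well as encrypts, a cookie whose value has been altered fails in open() and the servlet simply treats the client as having no cookie, which is the safe default given that cookies may be absent anyway.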

Tomcat. Tomcat will be used as a standalone Web server, which will act as a servlet container that is used to reference Java Servlets and JavaServer Pages.