HTTPS Cookies and Tokens - How do they work
The HTTP protocol is used to move information around. It is not secure because the information is sent as plain text, so anyone who intercepts the traffic can read it.
The HTTPS protocol allows information to be transferred securely between the client and server. HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, making them safer and more secure.
The client starts a handshake and suggests an encryption method. A certificate is then swapped between the client and server, and it is verified by a certificate authority. The decryption key is then swapped.
When encrypted data is sent, the client decrypts it with the key.
Tokens
A token is created and saved in the client's browser after the user logs into the website. Every time a client requests something from the server, this encrypted information is sent with the request.
The server confirms the user's information after receiving the request, decrypts the token, and returns the response.
After a certain period the token expires, at which point a new token must be generated.
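The token lifecycle described above (issue at login, check on every request, reject after expiry), as an added example that is not code from the original post. It protects the token with an HMAC signature instead of encryption so that it runs on the Python standard library alone; the key, the lifetime and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SECRET_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
TOKEN_LIFETIME = 900  # seconds; assumed value, the post does not state one


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def issue_token(username: str, now: Optional[float] = None) -> str:
    """Run after a successful login; the browser stores the returned string."""
    issued = time.time() if now is None else now
    payload = json.dumps({"sub": username, "exp": issued + TOKEN_LIFETIME}).encode()
    return _b64(payload) + "." + _b64(_sign(payload))


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Run on every request; returns the username, or None if the token is rejected."""
    current = time.time() if now is None else now
    try:
        payload_part, sig_part = token.split(".")
        payload = base64.urlsafe_b64decode(payload_part)
        signature = base64.urlsafe_b64decode(sig_part)
    except ValueError:
        return None  # malformed token
    # Check the signature in constant time before trusting anything in the payload.
    if not hmac.compare_digest(signature, _sign(payload)):
        return None  # payload was altered or signed with a different key
    claims = json.loads(payload)
    if current >= claims["exp"]:
        return None  # expired: the user must log in again to get a new token
    return claims["sub"]
```

Because the payload here is signed but not encrypted, anyone holding the token can read the username and expiry inside it; only changes to them are detected.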
My upcoming post will be on testing an API using tokens.
Cookies