HTTPS Cookies and Tokens - How do they work   

     HTTP protocol is used to move info around. This is not secure because the information is sent as plain text. This means anyone who intercepts the traffic can read it.

    HTTPS protocol allows the information transferred securely between the client and server. HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, making it safer and more secure.  

  The client performs a handshake, with the suggestion of encryption method.  Then a certificate is swapped between the client and server. This is then verified by a certificate authority. Then decryption key is swapped.

 When encrypted data is sent, client decrypts with the key.


Tokens

 A token is created and saved in the client's browser after the user logs into the website. Every time a client requests something from the server, this encrypted information is sent with the request.

The server confirms the user's information after receiving the request, decrypts the token, and returns the response.

After a certain period the token expires, at which point a new token must be generated.

My upcoming post will be on testing an API using tokens.


Cookies

When a user signs in, the server generates a unique string known as a cookie. It is delivered to the client, who stores them.
Every time the client sends a request to the server, a cookie is also sent. The server compares it with the cookie and sends the response data after verifying.

When a user signs out or the browser is closed, session cookies expire.


Comments

Post a Comment

Popular posts from this blog

API Testing journey

  API Testing journey   I've been working on learning API testing for quite some time. I was only aware of the acronym API, which stands for application programming interface, until 2022. I started my search on Google because I wanted to learn more than that.  I Completed the following courses on various education platforms: 1. Coursera — Postman - Intro to APIs (without coding) 2. Coursera — Start Your API Testing Journey With Postman Tool 3. Udemy —  REST APIs with Postman for Absolute Beginners 4.  MOT - https://github.com/g33klady/TodoApiSample/tree/main/Resources . https://github.com/g33klady/TodoApiSample 5. LinkedIn Learning — API Testing Foundations 6. Test Automation university: https://testautomationu.applitools.com/exploring-service-apis-through-test-automation / 7. Test Automation university: https://testautomationu.applitools.com/python-api-testing /    Postman was discussed as a tool for API testing in the first three courses. In order to test an API endpoint, I
Read more
  Observation: How it has helped me as a tester? In one of the chapters of her book, "Explore IT," Elizabeth Hendrickson discusses observation and how it is crucial for exploratory testing. Checking logs for surprises is one technique to observe during testing. I was brought back to my days as a mid-level test engineer while reading it. On the user's side, the product appeared to be relatively straightforward, but it actually had a sophisticated architecture and a lot of moving components. For this product, there were very few user interactions; everything took place in the background, and logs were essential for troubleshooting. When I first discovered a bug, I would gather proof—reproducing steps, error logs—most often grep 'error' log files—and screenshots—and be prepared to report the issue. My manager would ping me with questions like, "Did you try to reproduce the bug in another test combination?" and "Did you check that?" and “Did you tr
Read more

My first time attending a software launch party

Image
  Postman celebrated the introduction of Postman Flows this week in San Francisco, on August 16th 2023. Following the release of Postman Flows a few months ago, Beth Marshall posted a YouTube video explaining how testers might use it for API testing procedures.   Ever since I started my API testing journey, I've been watching for Postman's announcements, challenges, You Tube Live sessions, and demonstrations. So I made the decision to go to this event as well.    When I arrived , Postman Flow was being used to welcome every registered guest. My name flashed on the welcome board when I clicked Run on their flow they had created after signing in (I forgot to take a picture of it). Greetings flow Two customers demonstrated how they are utilizing Flows to address issues and open up new possibilities. One of them includes a flow designed specifically for integration testing.   I was able to use Flows to design my very own, uniquely branded Postman YETI and select the swag I wanted (
Read more