Newbie SSL question
843811 Dec 12 2006 — edited Dec 12 2006
Dear gurus,
I've a question regarding SSL. When I submit a URL request through SSL with query-string parameters, can anyone sniff out the query string or is it protected by SSL?
Similarly, when cookies are disabled, I know that the server uses jsessionid to maintain the session states. Suppose I am sitting next to my friend, who is working on some personal stuff in an SSL-secured page with the jsessionid visible in the URL. Does it mean I am able to hijack his session by typing out the same jsessionid?
Thanks and regards,