I want to create a secure login/logout mechanism. I started reading the following articles to get an idea of things to take into account:
These articles make some good points, but I was thinking of using HTTPS in a similar way to the Yahoo mail login page. You know... you type http://mail.yahoo.com and you are redirected to an HTTPS page like https://login.yahoo.com/config/login, where you insert your username and password, and after your credentials are verified you are redirected back to an HTTP page with a generated session_id cookie, and all communications from there on are over HTTP using the cookie.
What do I need to implement this behavior?
I want to do this for two Java web apps (one with Spring framework and one with Struts 1) but don’t know exactly how to integrate that HTTPS part into the application (I have never worked with HTTPS before).
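
An added example, not part of the original post: a servlet filter that forces the login URL onto HTTPS, plus a helper that issues a fresh session id once the credentials are verified. It uses only the Servlet API, so it applies to both a Spring and a Struts 1 app; `HOST`, `HTTPS_PORT`, `LOGIN_PATH` and the `"user"` attribute name are assumed values.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. HOST, HTTPS_PORT and LOGIN_PATH are assumed values.
public class LoginHttpsFilter implements Filter {
    private static final String HOST = "www.example.com"; // fixed, never taken from the Host header
    private static final int HTTPS_PORT = 443;
    private static final String LOGIN_PATH = "/login";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Path inside the web app, independent of how the servlet is mapped
        String path = req.getRequestURI().substring(req.getContextPath().length());

        if (path.startsWith(LOGIN_PATH) && !req.isSecure()) {
            if (!"GET".equals(req.getMethod())) {
                // Credentials posted over plain HTTP are already exposed: reject
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            res.sendRedirect("https://" + HOST + ":" + HTTPS_PORT + req.getRequestURI());
            return;
        }
        chain.doFilter(rq, rs);
    }

    // Call from the login action (Spring controller or Struts Action) after the password check succeeds.
    public static HttpSession startAuthenticatedSession(HttpServletRequest req, String username) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();            // drop any pre-login session id (session fixation)
        }
        HttpSession fresh = req.getSession(true);
        fresh.setAttribute("user", username); // "user" is a hypothetical attribute name
        // For the later HTTP pages to receive this cookie it cannot carry the Secure flag,
        // so the session id crosses the network in clear text on every HTTP request.
        return fresh;
    }
}
```

Map the filter to `/*` in `web.xml`. Behind a TLS-terminating proxy, `isSecure()` reflects the proxy-to-application hop, so the container has to be configured to know the original scheme.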