cancel
Showing results for 
Search instead for 
Did you mean: 

Issuing cookies

Former Member
0 Kudos

Hi,

How can I issue a cookie to client browser with ecrypted context ?

And later how can I read it ?

Thank you.

Marian

Accepted Solutions (1)

Accepted Solutions (1)

thomas_jung
Developer Advocate
Developer Advocate
0 Kudos

In both the SET_COOKIE and GET_COOKIE method of IF_HTTP_RESPONSE and IF_HTTP_REQUEST there is a s SECURE parameter. If I understand this correctly, this doesn't necessarily encrypt the data. It does decied if the cookie is written to disk (insecure) or stored in the browser memory (secure). Is this enough level of protection for what you wanted?

I believe that if you actually want to encrypt the data, you are going to have to do that yourself. There is a class CL_HARD_WIRED_ENCRYPTOR in 640 that looks interesting. I have never actually tried it. Depending upon your requirements, it may or may not fit your needs.

If you are really concerned about the security of the data in the cookie, would it be possible to use Server Cookies instead?

Nigel_James
Active Contributor
0 Kudos

This class (CL_HARD_WIRED_ENCRYPTOR) is not very secure. Make sure you are comfortable with the very week encryption it provides. It is only marginly better than BASE64 encoding

regards,

Nigel

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi,

In 620 you can use class cl_http_utility with methods encode and decode.

Very practical and makes use of BASE64 encryption.

Regards,

Dirk.

thomas_jung
Developer Advocate
Developer Advocate
0 Kudos

BASE64 is NOT encryption. It is simply another form of character encoding. It can be reversed by very simple means. It is good for compacting data and visual obscuring to the human eye.

http://en.wikipedia.org/wiki/Base64

There is even a FireFox Extension that will encode and decode Base64 inline.

http://leetkey.mozdev.org/