sending login credentials using SSL

Hi, Should it be common practice to send login details (username + password) via SSL? I'll be using form-based authentication and was wondering about how to beef up the security of transmitting username and password over http. If so how is this generally achieved ie how would one specify that

http session survival

__ ?xml:namespace prefix = o ns = urn:schemas-microsoft-com:office:office / Jim Clayson Infogain Limited tel: 01628 580600 fax: 01628 580610 email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] web: www.infogain.com http://www.infogain.com/ Disclaimer: Neither this e-mail nor any attachment places any

RE: http session survival

-Original Message- From: Jim Clayson [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 11:43 AM To: '[EMAIL PROTECTED]' Subject: http session survival Hi, Does tomcat provide support for http session persistence? Does an http session survive a server restart

http session synchronization

access to a session across multiple requests which belong to it? Thanks Jim __ ?xml:namespace prefix = o ns = urn:schemas-microsoft-com:office:office / Jim Clayson Infogain Limited tel: 01628 580600 fax: 01628 580610 email: [EMAIL