I want to implement the secure authentication with maintaining the login data in subsequent requests.
I have planned to use form authentication but cookie generated from forms authentication, will be accessed by hacker or middle man. So if we use form authentication with the help of cookie user can login.
If we use session, which will also create the cookie in local and also create over head in server.
So how we can maintain user loggin details, which can be used in websites (withourt SSL).