Stateless prevention of login-based cross-site request forgery

  • US 10,178,125 B2
  • Filed: 05/03/2016
  • Issued: 01/08/2019
  • Est. Priority Date: 05/03/2016
  • Status: Active Grant
First Claim

1. A system for stateless prevention of login-based cross-site request forgery, the apparatus comprising:

  • one or more processors; and

    a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:

    receive, by a web application, a request for a login page associated with a web site;

    send, by the web application via a domain name, a response comprising the login page and a request header of the login page, the request header of the login page including a first function field having a first token and a second function field having a second token, the first function field being modifiable only via a related domain name that is related to the domain name;

    receive, by the web application, a request to login to the web site from a requesting client, wherein the request to login comprises a request header that comprises the first and second function fields;

    determine, by the web application, whether the first function field in the request header comprises a token that is a specific function of a token in the second function field in the request header; and

    establish, by the web application, a session with the requesting client in response to a determination that the first function field in the request header comprises the token which is the specific function of the token in the second function field in the request header.
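A minimal sketch of the check described in claim 1, added here as an illustration and not taken from the patent or its assignee. The claim does not name the "specific function"; HMAC-SHA256 under a server-held key, the two field names, and all helper names below are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: one long-lived server-side key. No per-client token is stored,
# which is what keeps the check stateless.
SERVER_KEY = secrets.token_bytes(32)

# Hypothetical names for the claim's first and second function fields.
FIRST_FIELD = "X-Login-Token-1"
SECOND_FIELD = "X-Login-Token-2"


def specific_function(second_token: str, key: bytes = SERVER_KEY) -> str:
    """Derive the first token from the second (assumed: HMAC-SHA256)."""
    return hmac.new(key, second_token.encode(), hashlib.sha256).hexdigest()


def issue_login_page_fields(key: bytes = SERVER_KEY) -> dict:
    """Build the two fields sent along with the login page."""
    second = secrets.token_urlsafe(32)  # fresh random value per login page
    return {FIRST_FIELD: specific_function(second, key), SECOND_FIELD: second}


def may_establish_session(request_header: dict, key: bytes = SERVER_KEY) -> bool:
    """Allow a session only if field 1 equals the function of field 2."""
    first = request_header.get(FIRST_FIELD)
    second = request_header.get(SECOND_FIELD)
    if not isinstance(first, str) or not isinstance(second, str):
        return False  # a login request missing either field is rejected
    if not first or not second:
        return False
    expected = specific_function(second, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(first.encode(), expected.encode())


if __name__ == "__main__":
    fields = issue_login_page_fields()          # constructed sample request
    print("genuine login request:", may_establish_session(fields))
    forged = {FIRST_FIELD: "abc", SECOND_FIELD: "abc"}  # constructed: equal values
    print("fields not related by the function:", may_establish_session(forged))
```

Because the function is keyed, a pair of identical or otherwise self-chosen values fails the check, which a plain equality comparison of the two fields would accept.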
