Method and system for secure server-based session management using single-use HTTP cookies
3 Assignments
0 Petitions
Abstract
A methodology for providing secure session management is presented. After a single-use token has been issued to a client, the client presents the token on subsequent requests, and the server may identify the client from the presented token. However, the token may be used only once: it must be refreshed before it can be used again, so it is in effect reissued upon each use. The token comprises a session identifier that allows the issuer of the token to perform session management with respect to the receiving entity. Tokens can be classified into two types: domain tokens and service tokens. Domain tokens represent a client identity to a secure domain, and service tokens represent a client identity to a specific service. A domain token may be used with any service within a domain that recognizes the domain token, but a service token is specific to the service from which it was obtained.
189 Citations
24 Claims
1. A method for controlling access to protected resources within a distributed data processing system, the method comprising:
   receiving at a first server from a client a request to access a protected resource and a single-use token associated with the client or a user of the client;
   validating the single-use token, wherein the single-use token comprises session information for performing session management with respect to the client;
   generating a response to the request;
   refreshing the single-use token; and
   sending the response and the refreshed single-use token to the client.
   (Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. An apparatus for controlling access to protected resources within a distributed data processing system, the apparatus comprising:
   means for receiving at a first server from a client a request to access a protected resource and a single-use token associated with the client or a user of the client;
   means for validating the single-use token, wherein the single-use token comprises session information for performing session management with respect to the client;
   means for generating a response to the request;
   means for refreshing the single-use token; and
   means for sending the response and the refreshed single-use token to the client.
   (Dependent claims: 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24)

17. A computer program product on a computer readable medium for controlling access to protected resources within a distributed data processing system, the computer program product comprising:
   instructions for receiving at a first server from a client a request to access a protected resource and a single-use token associated with the client or a user of the client;
   instructions for validating the single-use token, wherein the single-use token comprises session information for performing session management with respect to the client;
   instructions for generating a response to the request;
   instructions for refreshing the single-use token; and
   instructions for sending the response and the refreshed single-use token to the client.
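The abstract and the independent claims describe the same five-step cycle (receive token, validate, respond, refresh, return the refreshed token) together with the domain-token versus service-token distinction. The following Python model is an added example written for this page; it is not code from the patent or its assignee. It assumes a server-side session store shared by all services in one domain (so a domain token is recognized by every service that shares the store), and it adds one design choice the patent text does not state: when a client presents a token that has already been spent, the whole session is revoked, on the reasoning that the old token may have been captured in transit. The class and method names (SessionStore, Service, consume, refresh) are invented for the example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    session_id: str
    user: str
    scope: str        # "domain:<domain>" or "service:<service name>"
    live_token: str   # the one single-use token currently valid for this session


class SessionStore:
    """Server-side session state shared by all services in one secure domain (assumed design)."""

    def __init__(self):
        self.sessions = {}   # session_id -> Session
        self.live = {}       # currently valid token -> session_id
        self.spent = {}      # already-used token -> session_id, kept for replay detection

    def issue(self, user, scope):
        """Create a session and return its first single-use token."""
        session = Session(secrets.token_hex(16), user, scope, secrets.token_urlsafe(32))
        self.sessions[session.session_id] = session
        self.live[session.live_token] = session.session_id
        return session.live_token

    def consume(self, token, scope_ok):
        """Validate a token and, if valid for this service, spend it.

        Returns (session, reason). A token found in `spent` is a replay; the
        example (not the patent) revokes the whole session in that case.
        """
        sid = self.live.get(token)
        if sid is None:
            if token in self.spent:
                self.revoke(self.spent[token])
                return None, "replayed token; session revoked"
            return None, "unknown token"
        session = self.sessions[sid]
        if not scope_ok(session.scope):
            # Wrong service for a service token: reject without spending it,
            # so the token stays usable with the service that issued it.
            return None, "token not valid for this service"
        del self.live[token]
        self.spent[token] = sid
        return session, "ok"

    def refresh(self, session):
        """Reissue: mint a fresh single-use token bound to the same session."""
        session.live_token = secrets.token_urlsafe(32)
        self.live[session.live_token] = session.session_id
        return session.live_token

    def revoke(self, sid):
        session = self.sessions.pop(sid, None)
        if session is not None:
            self.live.pop(session.live_token, None)


class Service:
    """One service in the domain; `handle_request` runs the five claimed steps."""

    def __init__(self, store, domain, name):
        self.store, self.domain, self.name = store, domain, name

    def accepts(self, scope):
        # A domain token works with any service in the domain; a service token only with its own service.
        return scope in (f"domain:{self.domain}", f"service:{self.name}")

    def handle_request(self, token, resource):
        """Return (status, body, refreshed_token); refreshed_token is None on rejection."""
        session, reason = self.store.consume(token, self.accepts)   # receive + validate
        if session is None:
            return (403 if reason.startswith("token not valid") else 401), reason, None
        body = f"{self.name}: {session.user} fetched {resource}"       # generate response
        new_token = self.store.refresh(session)                          # refresh
        return 200, body, new_token                                      # send both


if __name__ == "__main__":
    store = SessionStore()
    mail = Service(store, "example.com", "mail")
    t1 = store.issue("alice", "service:mail")
    print(mail.handle_request(t1, "/inbox"))   # 200 and a new token
    print(mail.handle_request(t1, "/inbox"))   # 401: t1 was already spent
```

In a real deployment the token would travel in an HTTP cookie, and the server would also attach an expiry to each session; the example leaves those out to keep the single-use and refresh logic visible.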