Server-side filter for corrupt web-browser cookies
First Claim
1. A server-based, computer implemented method for detecting and eliminating invalid server-supplied data from client machines comprising the following steps performed following the receipt of a request for services from a client web browser which request is accompanied by server data placed on the client web machine via commands for the web browser included in transport protocol response headers sent by the server or by related servers on earlier occasions:
scanning the server data which is received from the client web browser to identify invalid data;
determining an identifier that accompanies any data which is invalid; and
as part of a server response sent to the client web browser, including in the response a command or commands that causes only the invalid data, identified by the identifier, to be neutralized.
Abstract
A server that services a number of client computers over an Internet-type network and that sends cookies to web browsers on those client computers is able to screen out and delete all cookies containing invalid data values. When a client computer web browser submits a request to the server, such as an HTTP request for a web page, the client web browser automatically sends to the server the names and data contents of all cookies that originally came from that server or a related server. The server screens the contents of this cookie data for illegal data values. If any are found, then when the server next delivers a document to the client web browser, the server inserts into the HTTP header that is associated with the HTML document commands directing the replacement of all named cookies containing erroneous data with new cookies having their expiration dates set to zero so that they are promptly discarded by the client web browser.
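A minimal sketch of the filter the abstract describes, added here as an illustration and not taken from the patent: it scans the incoming `Cookie` header, identifies invalid cookies by name, and emits `Set-Cookie` headers that expire only those. The cookie names, the validation rules, leaving unknown names untouched, and expressing "expiration set to zero" as `Max-Age=0` plus an epoch `Expires` date are all assumptions.

```python
import re

# Hypothetical per-cookie validators (assumed rules, not from the patent).
# Only names listed here are ever echoed back in a response header, so a
# hostile cookie name cannot be reflected into Set-Cookie.
VALIDATORS = {
    "session": re.compile(r"[0-9a-f]{32}").fullmatch,
    "lang": lambda v: v in {"en", "de", "fr"},
    "cart_items": lambda v: bool(re.fullmatch(r"[0-9]{1,3}", v)) and int(v) <= 500,
}
EXPIRED = "Thu, 01 Jan 1970 00:00:00 GMT"

# Constructed sample request header: "lang" carries an illegal value.
SAMPLE = "session=0123456789abcdef0123456789abcdef; lang=xx; cart_items=12; theme=dark"


def parse_cookie_header(header):
    """Split a raw Cookie header into (name, value) pairs.

    Parsed by hand so that malformed values reach the validators
    instead of being silently dropped by a lenient cookie parser.
    """
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if name:
            pairs.append((name, value if sep else ""))
    return pairs


def find_invalid(header):
    """Return the names of known cookies whose value fails validation."""
    invalid = []
    for name, value in parse_cookie_header(header):
        check = VALIDATORS.get(name)
        if check is not None and not check(value) and name not in invalid:
            invalid.append(name)
    return invalid


def neutralizing_headers(header, path="/"):
    """Build Set-Cookie headers that expire only the invalid cookies."""
    return [
        ("Set-Cookie", f"{name}=; Expires={EXPIRED}; Max-Age=0; Path={path}")
        for name in find_invalid(header)
    ]
```

A browser replaces a cookie only when the `Path` and `Domain` of the new `Set-Cookie` match those the cookie was originally set with, so a real deployment has to expire each cookie with its original attributes.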
24 Claims
13. A system for detecting and eliminating invalid data from client web browsers comprising:
a server designed to communicate over a network with clients;
a client message receiver and transmitter on the server that is arranged to receive and to process incoming client messages and to transmit return messages back to clients;
a scanner that scans at least some messages flowing into the server coming from clients over the network and including a detector that can detect incoming server data returned to the server by the client and originally supplied to the client on earlier occasions by the server or by a related server;
a data integrity tester that tests the integrity of such incoming server data; and
a message insertion command generator placed into operation when the data integrity tester identifies invalid data in such incoming server data that causes the message receiver and transmitter, when transmitting a return message back to a client from which invalid data was received, to include within the return message one or more commands that cause the client to neutralize the invalid data without neutralizing other valid data.
Specification