Secure cache of web session information using web browser cookies
Abstract
A secure method and system for accessing a cache of web session data is provided using web browser cookies. The cache for the web session data uses an encoded identifier, determined using, for example, the Keyed-Hash Message Authentication Code (HMAC), based on information identifying a client. Client communication is accompanied by a cookie (persistent state object) that also includes the identifier encoded in the same manner. The encoded identifier in the received cookie is used to access the cached data. Where a secure communication channel is available, such as a Secure Sockets Layer (SSL) connection, a second cookie, which is transmitted only over SSL, is used as a signature for the first cookie.
8 Claims
1. A computer-implemented method for a web-based system to provide data to a client from a data cache, the system comprising a server, the method comprising the following steps:
a) the server generating a cookie comprising an encoded client identifier for the client, the encoded client identifier being generated using the HMAC protocol,
b) the server delivering the cookie to the client;
c) storing the data in the data cache in association with a cache key, the cache key for the data being generated in a manner dependent on the encoded client identifier,
d) the data cache receiving a request including a copy of the cookie from the client; and
e) the data cache retrieving the data from the data cache using the encoded client identifier provided in the copy of the cookie in the request,
f) the data cache delivering said data to the client.
Dependent claims: 2, 8
3. A computer-implemented method for a web-based system to provide data to a client from a data cache, the system comprising a server, the method comprising the following steps:
a) the server generating a first state object comprising an encoded client identifier for the client,
b) the server generating a second state object comprising a unique value and an encoded value, the encoded value being encoded using the unique value and the encoded client identifier;
c) the server delivering the first state object to the client;
d) the server delivering the second state object to the client using a secure connection;
e) storing the data in the data cache in association with a cache key, the cache key for the data being generated in a manner dependent on the encoded client identifier;
f) the server receiving a request from the client over a secure channel, the request including a copy of the first state object and a copy of the second state object;
g) verifying the validity of the first state object by extracting the unique value and the encoded value from the received copy of the second state object, encoding said unique value from the received copy of the second state object and the encoded client identifier from the received copy of the first state object to produce a result, and comparing the result with the encoded value to verify the received copy of the first state object; and
h) in the case that the validity of the first state object is verified, retrieving the data in the data cache using the encoded client identifier, and delivering the data to the authorized client.
Dependent claims: 4, 5, 6, 7
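The two-state-object flow of claim 3, as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 for both encodings, a single server-side key, a `unique.encoded` layout for the second cookie, and a dict standing in for the data cache; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: one secret key held by the server

def _mac(*parts: str) -> str:
    # Length-prefix each part so ("ab", "c") and ("a", "bc") never collide.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_cookies(client_id: str) -> tuple[str, str]:
    """Steps a) to d): build both state objects for one client."""
    first = _mac("id", client_id)            # encoded client identifier
    unique = secrets.token_hex(16)           # unique value
    second = f"{unique}.{_mac('sig', unique, first)}"  # set with the Secure flag
    return first, second

def cache_key(encoded_id: str) -> str:
    """Step e): the cache key depends only on the encoded identifier."""
    return "session:" + encoded_id

def verify(first: str, second: str) -> bool:
    """Step g): recompute the encoded value and compare in constant time."""
    unique, sep, encoded_value = second.partition(".")
    if not sep:
        return False  # malformed second state object
    expected = _mac("sig", unique, first)
    # Compare bytes so non-ASCII input is rejected instead of raising.
    return hmac.compare_digest(expected.encode(), encoded_value.encode())

def fetch(cache: dict, first: str, second: str):
    """Step h): release cached data only when the first object verifies."""
    if not verify(first, second):
        return None
    return cache.get(cache_key(first))

if __name__ == "__main__":
    cache = {}
    a_first, a_second = issue_cookies("alice")   # constructed sample clients
    b_first, b_second = issue_cookies("bob")
    cache[cache_key(a_first)] = {"cart": ["book"]}
    cache[cache_key(b_first)] = {"cart": ["lamp"]}
    print(fetch(cache, a_first, a_second))   # matching pair: data returned
    print(fetch(cache, b_first, a_second))   # mismatched pair: rejected
```

Because the second state object travels only over the secure connection, a first state object copied from an unencrypted request fails verification when paired with any other client's second state object.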
Specification