Method for preventing session token theft
First Claim
1. A method for preventing the theft of a session token comprising the steps of:
- a. detecting a submission of a first request from the client'"'"'s browser to a protected site;
b. redirecting said first request to the traffic processor for monitoring said first request;
c. forwarding said first request from said traffic processor to said protected site;
d. receiving the response containing the session token from said protected site by said traffic processor;
e. storing said session token in the session table;
f. providing a token index for indexing said session token stored in said session table;
g. modifying the content of said response by changing said session token to said token index; and
h. forwarding the modified response from said traffic processor to said browser.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention relates to a method for preventing the theft of a session token comprising the steps of: (a) detecting a submission of a first request from the client'"'"'s browser to a protected site; (b) redirecting said first request to the traffic processor for monitoring said first request; (c) forwarding said first request from said traffic processor to said protected site; (d) receiving the response containing the session token from said protected site by said traffic processor; (e) storing said session token in the session table; (f) providing a token index for indexing said session token stored in said session table; (g) modifying the content of said response by changing said session token to said token index; and (h) forwarding the modified response from said traffic processor to said browser.
-
Citations
6 Claims
-
1. A method for preventing the theft of a session token comprising the steps of:
-
a. detecting a submission of a first request from the client'"'"'s browser to a protected site; b. redirecting said first request to the traffic processor for monitoring said first request; c. forwarding said first request from said traffic processor to said protected site; d. receiving the response containing the session token from said protected site by said traffic processor; e. storing said session token in the session table; f. providing a token index for indexing said session token stored in said session table; g. modifying the content of said response by changing said session token to said token index; and h. forwarding the modified response from said traffic processor to said browser. - View Dependent Claims (2, 3, 4, 5, 6)
-
Specification