Method and apparatus for securing session information of users in a web application server environment
Abstract
A method and apparatus for securing hypertext transfer protocol sessions authenticates a user's credentials before creating a session. The present invention then associates the session with the credentials. Subsequent requests are submitted with the session ID and the user credentials to be associated with the session. Therefore, an unauthorized user that has obtained a session ID cannot gain access to sensitive content associated with the session without possessing the valid credentials.
37 Claims
1. A method in a data processing system for managing an information request, comprising:
establishing a session, including authenticating a client based on a presented credential;
generating a session identification in response to the session being established;
associating the presented credential with session data;
sending the session identification to the client;
receiving a request for information and a credential and the session identification from the client;
determining whether the session identification is valid;
determining whether the credential is valid for both the client and the session data;
sending the information to the client in response to the session identification and the credential being valid.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A method in a data processing system for managing an information request, comprising:
receiving a request for information and a session identification and a first credential from a client;
determining whether the session identification is valid;
retrieving a session data structure including a second credential in response to the session identification being valid;
determining whether the first credential and the second credential match; and
fulfilling the request for information in response to the first credential and the second credential matching.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.

18. An apparatus for managing an information request, comprising:
session means for establishing a session, including authenticating a client based on a presented credential;
generating means for generating a session identification in response to the session being established;
association means for associating the presented credential with session data;
first sending means for sending the session identification to the client;
receipt means for receiving a request for information and a credential and the session identification from the client;
first determining means for determining whether the session identification is valid;
second determining means for determining whether the credential is valid for both the client and the session data; and
second sending means for sending the information to the client in response to the session identification and the credential being valid.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26.

27. An apparatus for managing an information request, comprising:
a processor; and
a memory electrically connected to the processor, the memory having stored therein a program to be executed on the processor for performing:
receiving a request for information and a session identification and a first credential from a client;
determining whether the session identification is valid;
retrieving a session data structure including a second credential in response to the session identification being valid;
determining whether the first credential and the second credential match; and
fulfilling the request for information in response to the first credential and the second credential matching.
Dependent claims: 28, 29, 30, 31, 32, 33, 34.

35. A computer program product, in a computer readable medium, for managing an information request, comprising:
instructions for establishing a session, including authenticating a client based on a presented credential;
instructions for generating a session identification in response to the session being established;
instructions for associating the presented credential with session data;
instructions for sending the session identification to the client;
instructions for receiving a request for information and a credential and the session identification from a client;
instructions for determining whether the session identification is valid;
instructions for determining whether the credential is valid for both the client and the session data;
instructions for sending the information to the client in response to the session identification and the credential being valid.

36. A computer program product, in a computer readable medium, for managing an information request, comprising:
instructions for receiving a request for information and a session identification and a first credential from a client;
instructions for determining whether the session identification is valid;
instructions for retrieving a session data structure including a second credential in response to the session identification being valid;
instructions for determining whether the first credential and the second credential match; and
instructions for fulfilling the request for information in response to the first credential and the second credential matching.

37. A method in a data processing system for managing an information request, comprising:
authenticating a client based on a presented credential;
generating a session identification in response to the client being authenticated;
associating the presented credential with session data;
sending the session identification to the client;
receiving a request for information and a credential and the session identification from the client;
determining whether the session identification is valid;
determining whether the credential is valid for both the client and the session data; and
sending the information to the client in response to the session identification and the credential being valid.
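The server-side flow claimed above (establish a session bound to the presented credential, then on each request check both the session ID and that the credential matches the one stored with the session), as an added example that is not part of the patent. The class name SessionServer, the digest-based storage of credentials and the sample users are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class SessionData:
    client_id: str          # client the session was established for
    credential_hash: bytes  # digest of the credential presented at login


def _digest(credential: str) -> bytes:
    # Store and compare digests rather than raw credentials (a constructed choice).
    return hashlib.sha256(credential.encode("utf-8")).digest()


class SessionServer:
    """Server side of the scheme: a session ID alone never unlocks content."""

    def __init__(self, users: Dict[str, str]) -> None:
        # users maps client_id -> credential; a constructed stand-in for a user store
        self._users = {cid: _digest(cred) for cid, cred in users.items()}
        self._sessions: Dict[str, SessionData] = {}

    def establish_session(self, client_id: str, credential: str) -> Optional[str]:
        # Authenticate the client based on the presented credential.
        expected = self._users.get(client_id)
        if expected is None or not hmac.compare_digest(expected, _digest(credential)):
            return None
        # Generate a session ID and associate the presented credential with the session data.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = SessionData(client_id, _digest(credential))
        return session_id  # sent to the client

    def handle_request(self, client_id: str, session_id: str,
                       credential: str, resource: str) -> Tuple[int, str]:
        # Determine whether the session identification is valid.
        session = self._sessions.get(session_id)
        if session is None:
            return 401, "invalid session"
        # Determine whether the credential is valid for both the client and the session data.
        if session.client_id != client_id or not hmac.compare_digest(
                session.credential_hash, _digest(credential)):
            return 403, "credential does not match session"
        # Both checks passed: fulfil the request.
        return 200, f"content of {resource}"
```

A request that carries a valid session ID but the wrong credential, or a different client identity, is refused with 403, which is the property the abstract describes.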