Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers
Abstract
A load-balancer assigns incoming requests to servers at a server farm. An atomic operation assigns both un-encrypted clear-text requests and encrypted requests from a client to the same server at the server farm. An encrypted session is started early by the atomic operation, before encryption is required. The atomic operation is initiated by a special, automatically loaded component on a web page. This component is referenced by code requiring that an encrypted session be used to retrieve the component. Keys and certificates are exchanged between a server and the client to establish the encrypted session. The server generates a secure-sockets-layer (SSL) session ID for the encrypted session. The server also generates a server-assignment cookie that identifies the server at the server farm. The server-assignment cookie is encrypted and sent to the client along with the SSL session ID. The client decrypts the server-assignment cookie and stores it along with the SSL session ID. The load-balancer stores the SSL session ID along with a server assignment that identifies the server that generated the SSL session ID. When other encrypted requests are generated by the client to the server farm, they include the SSL session ID. The load-balancer uses the SSL session ID to send the requests to the assigned server. When the client sends a non-encrypted clear-text request to the server farm, it includes the decrypted server-assignment cookie. The load-balancer parses the clear-text request to find the server-assignment cookie. The load-balancer then sends the request to the assigned server.
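An added example, not taken from the patent or from any product: a minimal Python model of the routing the abstract describes, in which one assignment operation binds the SSL session ID and the server-assignment cookie to the same server. The cookie name, the server names, the round-robin policy and the fallback for an unknown session ID or cookie are assumptions.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "server_assignment"  # hypothetical cookie name, not from the patent

class LoadBalancer:
    def __init__(self, servers):
        self.servers = list(servers)
        self.by_session = {}  # SSL session ID -> assigned server
        self._next = 0

    def _pick(self):
        # Round-robin stands in for the real balancing policy (assumption).
        server = self.servers[self._next % len(self.servers)]
        self._next += 1
        return server

    def atomic_assign(self):
        """One operation yields both identifiers, bound to the same server."""
        server = self._pick()
        session_id = secrets.token_hex(16)  # stands in for the SSL session ID
        self.by_session[session_id] = server
        return session_id, f"{COOKIE_NAME}={server}"  # cookie travels encrypted

    def route_encrypted(self, session_id):
        # The payload is opaque here; only the session ID is visible.
        return self.by_session.get(session_id) or self._pick()

    def route_cleartext(self, raw_request: bytes):
        # Clear-text requests are parsed for the server-assignment cookie.
        head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
        for line in head.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "cookie":
                jar = SimpleCookie()
                jar.load(value.strip())
                morsel = jar.get(COOKIE_NAME)
                if morsel is not None and morsel.value in self.servers:
                    return morsel.value
        return self._pick()  # missing or unknown cookie: treat as a new client

def demo():
    lb = LoadBalancer(["srv-a", "srv-b", "srv-c"])
    lb.atomic_assign()                       # another client takes srv-a
    session_id, cookie = lb.atomic_assign()  # this client is bound to srv-b
    request = (f"GET /cart HTTP/1.1\r\nHost: shop.example\r\n"
               f"Cookie: lang=en; {cookie}\r\n\r\n").encode()  # constructed sample
    return lb.route_encrypted(session_id), lb.route_cleartext(request)
```
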
25 Claims
1. A system comprising:
- a server device configured to:
initiate, in response to a reference to an encrypted component on a clear-text web page comprising an invisible image file, an assignment operation to generate an encrypted-session identifier and a server-assignment cookie having a same server-assignment, and
transmit the encrypted-session identifier and the server-assignment cookie to a client device.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)

14. A method comprising:
- initiating, in response to a reference to an encrypted component on a clear-text web page comprising an invisible image file and using a processing device, a server-assignment operation to generate an encrypted-session identifier and a server-assignment cookie, having a same server-assignment; and
- transmitting the encrypted-session identifier and the server-assignment cookie to a client device.
(Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23)

24. A system comprising:
- means for initiating, in response to a reference to an encrypted component on a clear-text web page comprising an invisible image file, a server-assignment operation to generate an encrypted-session identifier and a server-assignment cookie having a same server-assignment; and
- means for transmitting the encrypted-session identifier and the server-assignment cookie to a client device.

25. A non-transitory computer-readable storage medium having instructions stored thereon, the instructions comprising:
- instructions to perform, in response to a reference to an encrypted component on a clear-text web page comprising an invisible image file and using a processing device, a server-assignment operation to generate an encrypted-session identifier and a server-assignment cookie having a same server-assignment; and
- instructions to transmit, using the processing device, the encrypted session-identifier and the server-assignment cookie to a client device.
Specification