Systems and methods for using a client agent to manage HTTP authentication cookies
Abstract
Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described.
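The strip, store and reinsert sequence of the second method, as an added example that is not taken from the patent. The cookie name `VPNAUTH` and the class `CookieAgent` are assumptions, and the code works on raw HTTP/1.1 message bytes instead of hooking the client's network stack.

```python
AUTH_COOKIE = "VPNAUTH"  # hypothetical name; the page does not name the cookie


class CookieAgent:
    """Keeps the appliance's authentication cookie away from the application."""

    def __init__(self, name=AUTH_COOKIE):
        self.name = name
        self.stored = None  # cookie value held only inside the agent

    @staticmethod
    def _split(raw):
        head, _, body = raw.partition(b"\r\n\r\n")
        lines = head.decode("iso-8859-1").split("\r\n")
        return lines[0], lines[1:], body

    @staticmethod
    def _join(start, headers, body):
        return "\r\n".join([start, *headers]).encode("iso-8859-1") + b"\r\n\r\n" + body

    def filter_response(self, raw):
        """Remove and store the auth cookie; forward everything else unchanged."""
        start, headers, body = self._split(raw)
        kept = []
        for h in headers:
            field, _, value = h.partition(":")
            cname, _, cval = value.split(";", 1)[0].strip().partition("=")
            if field.strip().lower() == "set-cookie" and cname.strip() == self.name:
                self.stored = cval.strip()
                continue  # withheld from the application
            kept.append(h)  # other cookies and headers pass through
        return self._join(start, kept, body)

    def filter_request(self, raw):
        """Insert the stored auth cookie into a request bound for the appliance."""
        if self.stored is None:
            return raw
        start, headers, body = self._split(raw)
        pairs, kept = [], []
        for h in headers:
            field, _, value = h.partition(":")
            if field.strip().lower() == "cookie":
                pairs += [p.strip() for p in value.split(";") if p.strip()]
            else:
                kept.append(h)
        # A same-named cookie supplied by the application is replaced, not trusted.
        pairs = [p for p in pairs if p.partition("=")[0].strip() != self.name]
        pairs.append(f"{self.name}={self.stored}")
        kept.append("Cookie: " + "; ".join(pairs))
        return self._join(start, kept, body)
```

Because the message body is never modified, an existing `Content-Length` header stays valid after either filter runs.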
21 Claims
1. A method for using a client agent to enable secure authentication in a virtual private network environment using an HTTP cookie, the method comprising:
(a) intercepting, by a client agent executing on a client, an HTTP communication comprising an authentication cookie from an appliance on a virtual private network to the client, the appliance verifying via the authentication cookie that a request of the client corresponds to a particular session;
(b) removing, by the client agent, the authentication cookie from the HTTP communication;
(c) storing, by the client agent, the authentication cookie;
(d) transmitting, by the client agent, the HTTP communication without the authentication cookie to an application executing on the client having a session with a server;
(e) intercepting, by the client agent at a network layer of a network stack of the client, an HTTP request transmitted from the application to the server via the session;
(f) inserting, by the client agent in the HTTP request, the authentication cookie; and
(g) transmitting, by the client agent, the HTTP request having the authentication cookie to the appliance, the appliance to verify via the authentication cookie that the HTTP request corresponds to the session prior to forwarding the HTTP request to the server.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A computer implemented system for using a client agent to enable secure authentication in a virtual private network environment using an HTTP cookie, the system comprising:
a client computing device; and
a client agent executing on the client which intercepts an HTTP communication comprising a cookie from an appliance on a virtual private network to the client, the appliance verifying via the authentication cookie that a request of the client corresponds to a particular session; and
wherein the client agent removes the cookie from the HTTP communication;
stores the received cookie;
transmits the modified HTTP communication to an application executing on the client having a session with a server;
intercepts, an HTTP request from the client to the server via the session;
inserting in the HTTP request, the received authentication cookie; and
transmitting the modified HTTP request having the authentication cookie to the appliance, the appliance to verify via the authentication cookie that the HTTP request corresponds to the session prior to forwarding the HTTP request to the server.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20)
21. A method using a client agent to enable secure authentication using a cookie, the method comprising:
(a) establishing, by a client agent executing on a client device, a transport layer connection with a network device intermediary to the client device and a server;
(b) receiving, by the client agent, an Hypertext Transfer Protocol communication from the network device, an HTTP communication comprising an authentication cookie, the authentication cookie comprising an authentication string for the network device to verify a request corresponds to a particular session;
(c) storing, by the client agent, the authentication cookie removed from the HTTP communication;
(d) communicating, by the client agent, the HTTP response without the cookie to an application executing on the client device having a session with the server;
(e) transmitting, by the application on the client via the session an HTTP request to the server;
(f) intercepting, by the client agent at a network layer of a network stack of the client device, the HTTP request;
(g) adding, by the client agent, the authentication cookie from storage to the HTTP request; and
(h) transmitting, by the client agent, the HTTP request having the authentication cookie to the network device, the network device to verify via the authentication cookie that the HTTP request corresponds to the session prior to forwarding the HTTP request to the server.
Specification