Client token storage for cross-site request forgery protection
First Claim
1. A computer-implemented method for securing against cross-site request forgery, the method comprising:
initiating, by a web browser of a client computing device, an action directed to a first web service;
generating, by the client computing device, an electronic token for the action;
redirecting browsing, by the client computing device, to a second web service while providing a passed token copy to the second web service;
receiving, from the second web service by the client computing device, the passed token copy upon completing, by the client computing device, an operation associated with the second web service;
determining, by the client computing device, that the received passed token copy matches the generated token; and
performing, by the client computing device, the action in response to determining that the received passed token copy matches the stored token.
2 Assignments
0 Petitions
Abstract
Systems and methods can secure against cross-site request forgery using client-side token storage. A client browser can initiate an action associated with a first web service and generate a token. The token may be stored in client-side storage at the computing device. An indicator of the action may also be stored within the client-side storage. A return link, associated with a passed copy of the token, may be generated. The client may perform the redirect and return to the first web service according to the return link. The passed copy of the token can be extracted from the return link. The indicator of the action and the stored token may be loaded from the client storage. The passed copy of the token and the stored token may be compared. The action according to the indicator of the action may be performed in response to the comparison matching.
67 Citations
21 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2 to 8.
9. A system, comprising:
a user computing device associated with a browser; and
a first web service, wherein the user computing device is configured to:
receive, via the browser, initiation of an action directed to the first web service;
generate a token for the initiated action;
redirect browsing to a second web service while providing the passed copy of the token to the second web service;
receive, from the second web service by the user computing device, the passed token copy upon completing an operation associated with the second web service;
determine that the received passed copy of the token matches the generated token; and
perform the action in response to determining that the received passed copy of the token matches the generated token.
Dependent claims: 10 to 15.
16. A computer program product, comprising:
a non-transitory computer-readable medium having computer-readable program code embodied therein that, when executed by a client computing device, performs a method comprising:
initiating, by a browser of the client computing device, an action directed to a first web service;
generating, by the client computing device, a token for the action;
redirecting browsing, by the client computing device, to a second web service while providing the passed copy of the token to the second web service;
receiving, from the second web service by the client computing device, the passed token copy upon completing, by the client computing device, an operation associated with the second web service;
determining, by the client computing device, that the received passed copy of the token matches the generated token; and
performing, by the client computing device, the action in response to determining that the passed copy of the token matches the generated token.
Dependent claims: 17 to 21.
Specification