HTTP session validation module
US10778668B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 2, 2017 |
| Grant date | Sep 15, 2020 |
| Priority date | — |
| Expiry date | Feb 12, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/02
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A web server receives a packet including a web request from a browser of a client. The request includes a session cookie comprising a client token and a session identifier. A secret session token is calculated based on the session identifier and header data that includes data from one or more packet header fields. The web request is processed if the secret session token matches the client token and blocked otherwise. Determining the secret session token may include hashing the session identifier, at least a portion of a user agent string included in a user agent header of the web request, and at least a portion of a source IP address included in an IP header of the packet. The secret session token may have been provided to the client as a session cookie included in a response to an initial web request from the client.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.