A DEFENCE MECHANISM AGAINST COOKIE REPLAY ATTACK IN SINGLE SIGN-ON OF WEB APPLICATION

摘要

A cookie in a web application is simple and widely used by minimizing a load on the server. However, the cookie is vulnerable to a retransmission attack of a method of inputting in a cookie editor by reusing the cookie. The cookie has been widely used even in an SSO capable of authenticating multiple sites by logging in once so that requires supplementation because safety is low. In the present invention, provided is a method of protecting the retransmission attack in the SSO caused by vulnerability of the cookie. A defense technique is configured to use the start and end of a session token which is searched in database and a session retaining time to protect when the retransmission attack of cookie values is performed.