Providing a web application with measures against vulnerabilities

摘要

An information processing apparatus (20) includes a first session managing unit (136) configured to manage a transaction including a request and a response over a network and a second session managing unit (138) configured to manage authentication identification information of an authenticated user. The information processing apparatus (20) also includes a token generating unit (140) configured to acquire authentication identification information of a requesting user and generate a token value to be included in a first response using an internally managed value, in response to a first request, and a token validating unit (142) configured to acquire the authentication identification information of the requesting user in response to a second request and validate correctness of a token value included in the second request by comparing the token value with a token value calculated using the managed value.