Secure cache of web session information using web browser cookies

摘要

A secure method and system for accessing a cache for web session is provided using web browser cookies. The cache for the web session data uses an encoded identifier, determined using for example the Keyed-Hash Message Authentication Code, based on information identifying a client. The client communication is accompanied by a cookie (persistent state object) that also includes the identifier encoded in the same manner. This encoded identifier in the received cookie is used for accessing the cached data. Where a secure communication channel is available, such as a secure socket layer (SSL connection), a second cookie which is only transmitted over SSL is used as a signature for the first cookie.