Title of invention: Detecting and preventing session hijacking
Abstract: A security device may receive a response associated with a request. The response may include original session information. The request may be associated with a user device. The security device may modify the original session information to create modified session information. The security device may store information associated with the modified session information. The security device may provide the response, including the modified session information, to the user device. The security device may receive another request. The other request may include the modified session information. The security device may determine that the modified session information is not current session information based on the information associated with the modified session information. The security device may provide the other request without including the original session information.
Publication number: US9363232(B1) Publication date: 2016.06.07
Application number: US201414152079 Filing date: 2014.01.10
Applicant: Juniper Networks, Inc. Inventor: Adams Kyle
Classification: H04L29/08; H04L29/06 Main classification: H04L29/08
Agency: Harrity & Harrity, LLP Agent: Harrity & Harrity, LLP
Main claim: 1. A security device, comprising: one or more processors to: receive original session information from a server device, the original session information including an original session identifier; modify the original session identifier, using a first modification technique, to create a first modified session identifier, the first modified session identifier being a modified version of the original session identifier; provide the first modified session identifier to a user device; receive, from the user device, a first request destined for the server device, the first request including the first modified session identifier; determine that the first modified session identifier is a current session identifier associated with a session between the user device and the server device; determine the original session identifier based on the first modified session identifier; forward the first request and the original session identifier to the server device; receive a response to the first request from the server device, the response including the original session identifier; modify the original session identifier, using a second modification technique, to create a second modified session identifier, the second modification technique being different than the first modification technique; store information indicating that the current session identifier is the second modified session identifier; provide the response, including the second modified session identifier, to the user device; receive a second request destined for the server device, the second request including the first modified session identifier; determine that the first modified session identifier is not the current session identifier based on the information indicating that the current session identifier is the second modified session identifier; and provide the second request, without including session information, to the server device, the server device denying the second request based on not including the session information.
Address: Sunnyvale CA US
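
Added example (not part of the patent record and not Juniper's implementation): a minimal Python model of the session-identifier rotation described in claim 1, showing how a previously issued identifier is recognised as stale and forwarded without session information. The record does not say what the modification techniques are; the keyed HMAC over a rotation counter, the class name SessionRewriter and the sample identifier are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SessionRewriter:
    """Hypothetical security device between user device and server.

    The server's original session ID is never sent to the user device."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # device-local secret
        self._issued = {}    # modified ID -> original ID (every ID ever issued)
        self._current = {}   # original ID -> the one modified ID valid right now
        self._rotations = {} # original ID -> number of rotations so far

    def _modify(self, original):
        # Assumed modification technique: HMAC over a per-session counter,
        # so each response yields a different modified ID.
        n = self._rotations.get(original, 0) + 1
        self._rotations[original] = n
        return hmac.new(self._key, f"{n}:{original}".encode(), hashlib.sha256).hexdigest()

    def on_response(self, original):
        """Server -> user device: swap the original ID for a fresh modified ID."""
        modified = self._modify(original)
        self._issued[modified] = original
        self._current[original] = modified
        return modified

    def on_request(self, presented):
        """User device -> server: return (session ID to forward or None, verdict)."""
        original = self._issued.get(presented)
        if original is None:
            return None, "unknown"   # never issued by this device
        if hmac.compare_digest(self._current[original], presented):
            return original, "current"
        # Issued earlier but rotated since: forward with no session information
        # so the server denies it; a good point to raise a hijacking alert.
        return None, "stale"


def replay_sequence():
    """Walk through claim 1 using a constructed server session ID."""
    gw = SessionRewriter()
    first = gw.on_response("srv-sess-42")   # constructed sample value
    ok = gw.on_request(first)               # first request, ID is current
    second = gw.on_response("srv-sess-42")  # rotation on the next response
    replayed = gw.on_request(first)         # old ID presented again
    return ok, replayed, gw.on_request(second), first != second
```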