SYSTEMS AND METHODS FOR PREVENTING SESSION FIXATION OVER DOMAIN PORTAL
In one embodiment, a method includes a system receiving a request from a user's device, the request being directed to a first host. The system may generate a key, a verification token, and an encrypted key. The system may transmit the verification token and the encrypted key to the device from...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Patent |
| Sprache: | chi ; eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | In one embodiment, a method includes a system receiving a request from a user's device, the request being directed to a first host. The system may generate a key, a verification token, and an encrypted key. The system may transmit the verification token and the encrypted key to the device from the first host, and transmit instructions configured to cause (1) the verification token to be stored asa cookie associated with the first host, and (2) the device to transmit the encrypted key to a second host. The system may receive a second request comprising the encrypted key from the device, and decrypt it to obtain the key upon determining that the encrypted key was not previously decrypted. The system may transmit the key to the device from the second host, and instruct the device to store the key as a cookie associated with the second host.
在一个实施例中,方法包括系统从用户的设备接收请求,该请求被定向到第一主机。系统可以生成密钥、验证令牌和加密密钥。系统可以从第一主机向设备传输验证令牌和加密密钥,并且传输指令,指令被配置成使得:(1)验证令牌被存储为与第一主机相关联的cookie,以及(2)设备向第二主机传输加密密钥。系统可以从设备接收包括加密密钥的第二请求,并在确定加密密钥之前未 |
|---|