US 12,120,226 B2
Preventing HTTP cookie stealing using cookie morphing
Daniel G. Wing, Truckee, CA (US); Ratnesh Singh Thakur, San Jose, CA (US); Arkesh Kumar, San Jose, CA (US); Raghukrishna Hegde, Milpitas, CA (US); Nivedita Jagdale, Santa Clara, CA (US); Ramachandra Kasyap Marmavula, Newark, CA (US); Joseph Hoelbrandt, Gilroy, CA (US); and Girish Chandra Padhi, Bangalore (IN)
Assigned to Citrix Systems, Inc., Fort Lauderdale, FL (US)
Filed by Citrix Systems, Inc., Fort Lauderdale, FL (US)
Filed on Nov. 13, 2020, as Appl. No. 17/097,255.
Prior Publication US 2022/0158831 A1, May 19, 2022
Int. Cl. H04L 9/08 (2006.01); H04L 9/40 (2022.01); H04L 67/02 (2022.01)
CPC H04L 9/0861 (2013.01) [H04L 63/1466 (2013.01); H04L 67/02 (2013.01)]
24 Claims
 
1. A method comprising:
receiving, by a client via a device, an authentication cookie for access to a server, the device maintaining a sequence number and a cryptographic secret;
receiving, by the client from the device, a cookie engine, the cookie engine being executable code that when executed generates validation cookie information;
generating, by the client using the cryptographic secret and the cookie engine, validation cookie information with an updated sequence number increased by the client by a predetermined defined value responsive to generating the validation cookie information; and
sending, by the client to the device via a hypertext transfer protocol (HTTP) message, the authentication cookie, and the validation cookie information with the updated sequence number to validate the authentication cookie.
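The exchange in claim 1, sketched as an added example that is not code from the patent or from Citrix: a client-side cookie engine derives a fresh validation value from the secret and an advancing sequence number, and the device rejects a captured pair that is replayed later. HMAC-SHA256, the `seq.mac` wire format, a step of 1, the "strictly greater than the last accepted value" rule and all function names are assumptions made for illustration.

```javascript
// Added illustration, not from the patent: HMAC-SHA256 and the "seq.mac" format are assumptions.
const { createHmac, timingSafeEqual } = require('node:crypto');

const STEP = 1; // stands in for the "predetermined defined value" (value assumed)

function mac(secret, authCookie, seq) {
  return createHmac('sha256', secret).update(`${authCookie}|${seq}`).digest();
}

// Client side: plays the role of the "cookie engine" delivered by the device.
function makeCookieEngine(secret, authCookie, startSeq) {
  let seq = startSeq;
  return function nextValidationCookie() {
    seq += STEP; // the sequence number advances every time a value is generated
    return `${seq}.${mac(secret, authCookie, seq).toString('hex')}`;
  };
}

// Device side: holds the secret and the last accepted sequence number for the session.
function makeDevice(secret, authCookie, startSeq) {
  let lastSeq = startSeq;
  return function validate(presentedAuthCookie, validationCookie) {
    const [seqText, macHex] = String(validationCookie).split('.');
    if (presentedAuthCookie !== authCookie) return 'reject: unknown session';
    if (!/^\d+$/.test(seqText) || !/^[0-9a-f]{64}$/.test(macHex || '')) return 'reject: malformed';
    const seq = Number(seqText);
    if (!timingSafeEqual(mac(secret, authCookie, seq), Buffer.from(macHex, 'hex'))) return 'reject: bad mac';
    if (seq <= lastSeq) return 'reject: stale sequence';
    lastSeq = seq; // only a valid, newer value moves the window forward
    return 'accept';
  };
}

// Constructed sample session; all values are made up for the demonstration.
function demo() {
  const secret = Buffer.from('constructed-demo-secret');
  const auth = 'AUTH=constructed-session-id';
  const engine = makeCookieEngine(secret, auth, 100);
  const validate = makeDevice(secret, auth, 100);
  const first = engine();
  const second = engine();
  return [
    validate(auth, first),                   // legitimate request
    validate(auth, second),                  // next legitimate request
    validate(auth, first),                   // captured cookie pair replayed later
    validate(auth, '103.' + '0'.repeat(64)), // next sequence number guessed without the secret
  ];
}

console.log(demo());
```

The authentication cookie alone never passes the check, and a captured pair is only usable until the legitimate client's next request advances the sequence number.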