Secure Common Web Server Session: Sharing Object Data Across Deployed Java Web Applications on the Same Web Server

Chad Cook, Lei Chen

Research output: Contribution to book or proceedingChapter

Abstract

When web applications are deployed to a Java web server, there is no consistent or easy way to share object data among them.  In this paper, we propose a mechanism, the Secure Common Web Server Session (SCWSS), which allows object data to be shared across deployed web applications, independent of the web server or any other implementation specifics, in a manner similar to storing session objects in Java. In SCWSS, the byte representation of the object data is first encoded to ASCII format, then encrypted (currently using DES), and finally saved in a cookie with a name supplied by the developer at the root level. Data can then be retrieved by any other application deployed to the same web server that can supply the correct encryption key. The proposed mechanism has been implemented, tested using various browsers, and analyzed for shortcomings and possible improvement.
Original languageAmerican English
Title of host publicationProceedings of the International Conference on Security and Management
StatePublished - Jul 18 2011

Keywords

  • Cookies
  • Encryption
  • Java
  • Secure
  • Session
  • Web applications

DC Disciplines

  • Databases and Information Systems

Fingerprint

Dive into the research topics of 'Secure Common Web Server Session: Sharing Object Data Across Deployed Java Web Applications on the Same Web Server'. Together they form a unique fingerprint.

Cite this