Secure session management with cookies

HTTP (hypertext transfer protocol) is a stateless protocol widely used in Internet World Wide Web. The idea behind a stateless design is to simplify the server conception because there is no need to dynamically allocate storage to deal with conversations in progress. If a client dies in mid-transaction, no part of the system needs to be responsible for cleaning the present state of the server. However, this forces Web developers to use alternative methods to authenticate HTTP requests and to maintain users´ states. A common method for solving this problem involves sending and receiving cookies. Such mechanism implies a serious security threats. Some secure cookie solutions have been proposed in literature, but still vulnerable, particularly to replay attacks. In this paper, we propose a secure cookie mechanism that implements an intermediary reverse Proxy patterns to ensure users´ sessions management and to provide the following security services: source authentication, integrity control and no-replay attacks.