SCS: KoanLogic's Secure Cookie Sessions for HTTP, March 2013
- Canonical URL:
- File formats:
- S. Barbato
T. Fossati, Ed.
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
This memo defines a generic URI and HTTP-header-friendly envelope for carrying symmetrically encrypted, authenticated, and origin-timestamped tokens. It also describes one possible usage of such tokens via a simple protocol based on HTTP cookies. Secure Cookie Session (SCS) use cases cover a wide spectrum of applications, ranging from distribution of authorized content via HTTP (e.g., with out-of-band signed URIs) to securing browser sessions with diskless embedded devices (e.g., Small Office, Home Office (SOHO) routers) or web servers with high availability or load- balancing requirements that may want to delegate the handling of the application state to clients instead of using shared storage or forced peering.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.