RFC 6896

"SCS: KoanLogic's Secure Cookie Sessions for HTTP", March 2013

S. Barbato
S. Dorigotti
T. Fossati, Ed.


This memo defines a generic URI and HTTP-header-friendly envelope for carrying symmetrically encrypted, authenticated, and origin-timestamped tokens. It also describes one possible usage of such tokens via a simple protocol based on HTTP cookies. Secure Cookie Session (SCS) use cases cover a wide spectrum of applications, ranging from distribution of authorized content via HTTP (e.g., with out-of-band signed URIs) to securing browser sessions with diskless embedded devices (e.g., Small Office, Home Office (SOHO) routers) or web servers with high availability or load-balancing requirements that may want to delegate the handling of the application state to clients instead of using shared storage or forced peering.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.