RFC 6896

SCS: KoanLogic's Secure Cookie Sessions for HTTP, March 2013

S. Barbato
S. Dorigotti
T. Fossati, Ed.

DOI:  https://doi.org/10.17487/RFC6896

Discuss this RFC: Send questions or comments to the mailing list rfc-ise@rfc-editor.org


This memo defines a generic URI and HTTP-header-friendly envelope for carrying symmetrically encrypted, authenticated, and origin-timestamped tokens. It also describes one possible usage of such tokens via a simple protocol based on HTTP cookies.

Secure Cookie Session (SCS) use cases cover a wide spectrum of applications, ranging from distribution of authorized content via HTTP (e.g., with out-of-band signed URIs) to securing browser sessions with diskless embedded devices (e.g., Small Office, Home Office (SOHO) routers) or web servers with high availability or load-balancing requirements that may want to delegate the handling of the application state to clients instead of using shared storage or forced peering.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.
