1. Field of the Invention
The present invention relates generally to an improved data processing system, and in particular, to providing data security. Still more particularly, the present invention relates to a system, and computer usable program code for securing asynchronous client server transactions.
2. Description of the Related Art
Data is frequently exchanged between various data processing systems using one or more data networks. Some data processing systems may be regarded as client data processing systems in that they are consumers of data or services. Other data processing systems may be regarded as server data processing systems in that they provide the requested data or services. Applications executing as clients, to wit, as consumers of data or services, are called client applications. Applications executing as servers, to wit, providing data or services, are called server applications.
Security of the data, the systems the data resides on, and the networks where the systems operate, is a concern in data communications. Typically, security of a data processing system, contents thereof, and networks that the data processing system operates on is accomplished by some security mechanism. A user identifier (UID) and password authentication is a common method of accomplishing security objectives in data processing environments.
Client and server data processing systems may communicate with each other using a variety of protocols. Data communication occurring between a client and a server data processing system includes a series of requests and responses. Requests and responses that are related to one another form a transaction.
Security of the client server transactions is presently achieved in a variety of ways. Certain protocols, such as HyperText Transfer Protocol Secure (HTTPS) accomplish security of the client server transactions by using encryption and secure identification of the server data processing system. Certain other transaction security mechanisms include using session identifiers (session ID). A session ID is an identifier used to identify a session between a client and a server data processing system. A typical session may include a series of transactions.
In some cases, a client may request data from a server asynchronously. Asynchronous data transfer is transferring data without interfering with the behavior of an ongoing task. For example, a web browser application may be a client application. The web browser may request data from a web server asynchronously such that the behavior or the display of a page being displayed in the web browser is not affected by the asynchronous data request or response. An asynchronous request also does not wait for a corresponding response. In other words, a response to an asynchronous request may arrive and be processed at the client at any time. The client does not wait for a response to an asynchronous request, but continues to work on other tasks.
An asynchronous request is a request for asynchronous data or service. An asynchronous client server transaction is a client server transaction occurring asynchronously with respect to another ongoing task.
Asynchronous JavaScript and XML (AJAX) is a technology presently used for creating and performing asynchronous client server transactions. Asynchronous client server transactions are particularly useful in improving the performance of the web applications and in improving user experience.