This disclosure relates to the field of computers. More particularly, a system, method, and apparatus are provided for verifying the authenticity or validity of a cookie or other unique identifier, to ensure it is being used by the same device or user to which it was issued.
Cookies (e.g., web cookies, browser cookies, Internet cookies) are data delivered to a user's browser from a website when the browser is navigated to that website, and usually comprise randomly generated text. After the browser stores the cookie, it transmits the cookie to the website whenever it is again navigated to the same website, thereby allowing the website to know that the browser, and the device that incorporates the browser, have previously visited the site.
Usually, the cookie also contains state information and/or some indication of the user's activity within the website so that the website can differentiate between users. Some specific types of cookies provide or enable unique functions, such as authentication cookies that indicate whether or not the associated user is logged into a website or service, and session cookies that identify users during sessions of activity with a website. Many websites rely on cookies to uniquely identify users and/or individual user sessions.
However, many cookies are vulnerable to theft, copying, or spoofing. For example, after a valid user logs in to a website that sends the user an authentication cookie, that cookie could be intercepted or copied and then used by another user on another computing device. When the other user navigates his or her browser to the same website, the browser will produce the cookie and the website may treat the other user as the valid user.