The World Wide Web (“Web” or “WWW”) is a vast collection of interconnected or “hypertext” documents written in HyperText Markup Language (“HTML”), or other markup languages, that are electronically stored at “Web sites” throughout the Internet. A Web site is a server computer connected to the Internet that has mass storage facilities for storing hypertext documents and that runs administrative software for handling requests for those stored hypertext documents. Large-scale Web sites are typically implemented utilizing a two-tier computer systems architecture. The first tier typically comprises a “front-end” Web server computer that receives and processes live requests for Web pages from client computers connected to the Internet. The second tier of the typical large-scale Web site is a “back-end” server computer that stores the Web pages to be served by the front-end server computer. When a request is received at the front-end server computer for a Web page, the front-end server computer retrieves the requested Web page from the back-end server computer and provides the requested page to the requesting client computer. A large degree of efficiency is obtained by separating the front-end server computer that receives the live Web requests from the back-end server computer that stores the available Web pages.
Many large-scale Web sites also store other data at the back-end server computers in addition to the actual Web pages. For instance, a back-end server computer may store Web session data that describes how Web pages delivered to a particular user should be formatted by the front-end server computer. When a request is received from a user, the front-end server computer requests the session data pertaining to the requesting user from the back-end server computer. The back-end server computer then delivers the requested session data to the front-end computer. The front-end server computer may then use the session data to format Web pages requested by the user in the manner preferred by the user. Storing session data at the back-end server computer is advantageous because it allows this data to be accessed by any front-end server computer at which a request from the user is received.
Another advantage of storing session data on a back-end server computer accessible to a front-end server computer is realized when a load balancing mechanism is utilized. A load balancing mechanism receives live Web page requests from client computers and evenly directs the Web page requests from the client computers to a number of available front-end server computers. While the use of such a load balancing mechanism evenly distributes network traffic among many front-end server computers, such a mechanism also makes it difficult to determine which front-end server computer a request will be received at. By storing session data at a back-end server computer accessible to each of the front-end server computers, each of the front-end server computers can utilize this information when responding to Web page requests without storing the information locally.
While storing session data utilized by a front-end server computer on a back-end server computer has its advantages, such a system is not without its drawbacks. The primary drawback of such a system is that many requests from front-end server computers to back-end server computers can quickly consume much of the available network bandwidth between the front- and back-end server computers. Popular Web sites currently receive hundreds of millions of page requests per month. Transmission of the session data associated with such a large number of page requests from the back-end server computers to the front-end server computers can exhaust a large portion of even the highest bandwidth network connection before a single Web page has been transferred. To reduce the volume of communication between the front- and back-end server computers, many large Web sites turn to the use of persistent client objects, otherwise known as “cookies,” to store session data.
A cookie is a block of data that a Web server stores on a client computer system. When a user returns to the same Web site that stored the cookie, the Web browser application program sends a copy of the cookie back to the server. The cookie can then be utilized by the Web server computer to identify the user, to create a version of the requested Web page customized for the user, to identify account information for the user, or for other administrative purposes. Because cookies are stored on the client computer, the bandwidth used by the communication between the front- and back-end server computers in transmitting session data is eliminated. However, although using cookies to transmit session data from a client computer to a server computer does reduce back-end bandwidth usage, cookies are not without a number of serious drawbacks.
The biggest drawback of using cookies as a means for transferring Web server session data is that the relatively low bandwidth connection between the client computer and the front-end server computer requires that the cookies be very small. Because the size of the cookies must be small, the amount of usable data that may be transferred from the client computer to the server computer in a single cookie is minimal. Another drawback to using cookies stems from the fact that cookies are transmitted in the open from the client computer to the server computer. Because cookies are transmitted in the open over the Internet, there is a possibility that the cookies may be intercepted by an unauthorized recipient. An intercepted cookie may then be “replayed” by the unauthorized recipient to gain improper access to the Web server. The use of cookies may also be undesirable because the data encoding schemes utilized by previous systems for creating cookies have not been forward and backward compatible with future and previous versions of the Web server application software. Therefore, if additional data items are added to the data encoded in a cookie, previous or future versions of the Web server application software may misunderstand the encoded data when the cookie is received from the client computer and decoded.
Accordingly, in light of the above problems, there is a need for a method and apparatus for encoding and storing session data that minimizes the amount of data transferred between the client and server computers while maximizing the amount of information encoded in the transferred data. There is a further need for a method and apparatus for encoding and storing session data that can store such session data on a client computer and transmit the data to a server computer in a manner that minimizes the likelihood that the data could be utilized by an unauthorized recipient. Furthermore, there is a need for a method and apparatus for encoding and storing session data that utilizes a data encoding format that is forward and backward compatible with previous and future versions of Web server application software.
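The three needs stated above (compact encoding, resistance to reuse by an unauthorized recipient, and forward and backward compatibility) can be illustrated with the following added example, which is not part of the original text and is not the method this document goes on to describe. It assumes a server-side secret KEY, hypothetical field tags TAG_USER, TAG_EXPIRY and TAG_THEME, and a tag|length|value record layout chosen for the illustration.

```python
import base64
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"              # assumption: secret held only by the servers
TAG_USER, TAG_EXPIRY, TAG_THEME = 1, 2, 3  # hypothetical field tags
MAC_LEN = 32                               # HMAC-SHA256 digest size


def encode(fields, key=KEY):
    """Pack {tag: bytes} as tag|length|value records (values < 256 bytes) plus a MAC."""
    body = b"".join(struct.pack("BB", tag, len(val)) + val
                    for tag, val in sorted(fields.items()))
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + mac).decode()


def decode(cookie, now, known=(TAG_USER, TAG_EXPIRY), key=KEY):
    """Return {tag: value} for tags this version knows; None if forged, malformed or expired."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode())
    except ValueError:                      # binascii.Error is a ValueError
        return None
    if len(raw) < MAC_LEN:
        return None
    body, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    # Authenticate before parsing, in constant time.
    if not hmac.compare_digest(mac, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    out, i = {}, 0
    while i < len(body):
        if i + 2 > len(body):
            return None
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            return None
        if tag in known:                    # unknown tags from newer versions are skipped
            out[tag] = value
        i += 2 + length
    expiry = out.get(TAG_EXPIRY)
    if expiry is None or len(expiry) != 4 or struct.unpack(">I", expiry)[0] <= now:
        return None                         # a captured cookie stops working after expiry
    return out
```

The expiry field only bounds how long an intercepted cookie remains usable, and the MAC protects integrity rather than secrecy; keeping the cookie from being read in transit still requires an encrypted connection.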