Hypertext transfer protocol (HTTP) is a protocol having request-response semantics for transferring web pages from servers to clients. Some communication protocols such as HTTP are intrinsically stateless in that each request-response exchange is self-contained. While such a design allows scaling, it makes stateful interactions very difficult to carry on, as there is no way for the server to correlate one request from a client with future requests from the same client. Yet state management is necessary for some applications such as electronic commerce. For example, persisting state allows an application to maintain a shopping cart, to recognize a returning customer, and to display localized content. With state management, an application allows a user to customize the appearance of a web page such that when the user visits the site later, the customized appearance is preserved.
An existing solution for this problem is for the client to store a block of data known as a cookie containing state information generated by a server and sent to the client. Cookies were standardized as Internet Engineering Task Force (IETF) Request for Comments (RFC) 2965. Presently, cookies are widely supported by web browsers and allow a server to store arbitrary state information on the client. However, cookies have historically proven vulnerable to exploits leading to compromise of the information stored in the cookies.
Another existing solution to the state management problem includes embedding compressed or uncompressed state information within a uniform resource locator (URL) used to access a web page (e.g., as a query string). However, due to the nature of the URL syntax, there is a limit to the amount and type of state information that can be embedded within the URL. In addition, the embedded state information typically remains available to only one communication session. Creating another session results in new embedded state information.
Similarly, some existing systems embed a session key or other identifier in the URL and/or in hyperlinks within the delivered web pages. The session key corresponds to state information stored on the client or the server. The existing systems retrieve the stored state information via the session key. However, as with the state information embedded within the URL, the session key and corresponding stored state information are associated with only one communication session.
For these reasons, a system for managing state information across communication sessions between a client and a server via a stateless protocol is desired to address one or more of these and other disadvantages.