Within a typical authenticated website, when a customer successfully authenticates into the website's server, the server generates an authentication token for that customer's session. This authentication token bears the proof that the customer has been successfully authenticated within the session. Any subsequent requests to the server for protected resources must include the token so that the server may validate that the customer is indeed authenticated prior to serving the request. The authentication token is typically carried through browser cookies. Most authenticated websites use this authentication token as the sole means for determining whether the customer is authenticated. One significant disadvantage of this approach is that once the token is stolen, the token thief will be able to replay the customer's session from any device before the token expires. Thus, there is a need for an additional level of security added to authentication tokens.