Secure Common Web Server Session - Sharing object data across deployed Java web applications on the same web server

摘要

When web applications are deployed to a Java web server, there is no consistent or easy way to share object data among them. In this paper, we propose a mechanism, the Secure Common Web Server Session (SCWSS), which allows object data to be shared across deployed web applications, independent of the web server or any other implementation specifics, in a manner similar to storing session objects in Java. In SCWSS, the byte representation of the object data is first encoded to ASCII format, then encrypted (currently using DES), and finally saved in a cookie with a name supplied by the developer at the root level. Data can then be retrieved by any other application deployed to the same web server that can supply the correct encryption key. The proposed mechanism has been implemented, tested using various browsers, and analyzed for shortcomings and possible improvement.