Method and apparatus for maintaining state information on an HTTP client system in relation to server domain and path attributes
Abstract
A method and apparatus for transferring state information between a server computer system and a client computer system. In one embodiment of the method, an http client requests a file, such as an HTML document, on an http server, and the http server transmits the file to the http client. In addition, the http server transmits a state object, which describes certain state information, to the http client. The http client stores the state object, and will typically send the state object back to the http server when making later requests for files on the http server. In a typical embodiment, the state object includes a domain attribute which specifies a domain or network address, and the state object is transmitted from the http client to a server only when the http client makes an http request to the server and the server is within the domain. In one embodiment, the apparatus includes a processor and memory and a computer readable medium which stores program instructions. In the case of the client system, the instructions specify operations such as receiving and storing the state information; in the case of the server system, the instructions specify operations such as sending the state information to a client system.
Claims
1. A method for subscribing to an on-line information service, said method comprising the steps of:
requesting a first information service from an http server; and transmitting a state object from a client computer system to said http server, said state object being stored on said client system and specifying user information to said http server.
2. A method as in claim 1 wherein said state object specifies user identification information and billing information.
3. A method as in claim 1 further comprising:
requesting a second information service from said http server or an alternative http server;
transmitting said object to said http server or said alternative http server.
4. A method as in claim 3 wherein a user of said on-line information service browses from said first information service to said second information service without having to enter user information.
5. A method of claim 3 wherein said user information comprises subscription information required by a first publisher of said first information service.
6. A method as in claim 5 wherein said user information comprises subscription information required by a second publisher of said second information service.
7. A computer-implemented method performed by a hardware server system, comprising:
receiving, at the server system, a hypertext transfer protocol (HTTP) request from a client; responding to the HTTP request by transmitting an HTTP response to the client wherein the HTTP response includes an HTTP header, the HTTP header including at least one set-cookie instruction specified by a “Set-Cookie:” text string, wherein the set-cookie instruction includes:
a name-value pair, the name-value pair specifying an assignment of a particular value to a particular name and being specified in the set-cookie instruction by a text string in a “NAME=VALUE” format; and
attribute information, wherein the attribute information specifies criteria to enable the client to determine whether to return the name-value pair to the server system with a subsequent HTTP request and wherein the attribute information includes:
a domain attribute that specifies a domain for which the name-value pair is valid, the domain being specified in the set-cookie instruction as a text string in a “domain=DOMAIN” format;
a path attribute specifying a range of Uniform Resource Locators (URLs), in a domain of the server system, for which the name-value pair is valid, the path attribute being specified in the set-cookie instruction as a text string in a “path=PATH” format; and
an expiration attribute that specifies a valid life time for the name-value pair, the valid life time specifying the persistent storage of the name-value pair across one or more browser sessions, each browser session corresponding to a period during which a browser application is running on the client, and terminating on a specified date, the expiration attribute being specified in the set-cookie instruction as a text string in a “expires=DATE” format.
8. The method of claim 7, further comprising: receiving a subsequent HTTP request from the client, wherein the subsequent HTTP request includes the name-value pair, and using the received name-value pair to identify a user.
9. The method of claim 8, wherein the HTTP request is received by a first server in the server system within a domain; and wherein the subsequent HTTP request is received by a second server in the server system within the domain, the second server being a different server from the first server.
10. The method of claim 7, wherein the HTTP header additionally includes a “secure” label indicating that the client should only send the name-value pair over a secure communication channel.
11. The method of claim 7, wherein the name-value pair includes a user identifier.
12. The method of claim 7, wherein the name-value pair includes information used by the server system to determine user preference information.
13. A computer storage device storing a computer program that embodies the method of claim 7.
14. The method of claim 7, wherein the name-value pair includes subscription information used by the server system to determine whether a user is authorized to access restricted content.
15. The method of claim 7, wherein the name-value pair includes information used by the server system to associate a user with one or more items selected for purchase.
16. The method of claim 7, wherein the HTTP response includes HTML content.
17. A computer-implemented server system, for use in a communications network, comprising:
a processing system comprising one or more processors; and a memory comprising one or more computer readable media, wherein the memory stores computer instructions that, when executed by the processing system, cause the server system to perform the operations of:
receiving, from a client, a hypertext transfer protocol (HTTP) request;
sending, in response to the HTTP request, an HTTP response, wherein the HTTP response includes an HTTP header that includes at least one set-cookie instruction specified by a “Set-Cookie:” text string, wherein the set-cookie instruction includes:
a name-value pair, the name-value pair specifying an assignment of a particular value to a particular name and being specified in the set-cookie instruction by a text string in a “NAME=VALUE” format; and
attribute information, wherein the attribute information specifies criteria to enable the client to determine whether to return the name-value pair to the server system with a subsequent HTTP request and wherein the attribute information includes:
a domain attribute that specifies a domain for which the name-value pair is valid, the domain being specified in the set-cookie instruction as a text string in a “domain=DOMAIN” format;
a path attribute that specifies a range of uniform resource locators for which the name-value pair is valid in a domain of the server system, the path being specified in the set-cookie instruction as a text string in a “path=PATH” format; and
an expiration attribute that specifies a valid life time for the first name-value pair, the valid life time specifying the persistent storage of the name-value pair across one or more browser sessions, each browser session corresponding to a period during which a browser application is running on the client, and terminating on a specified date, the expiration attribute being specified in the set-cookie instruction as a text string in a “expires=DATE” format.
18. The server system of claim 17, wherein the memory further stores computer instructions for performing the operations of:
receiving a subsequent HTTP request from the client, wherein the subsequent HTTP request includes the name-value pair; and using the received name-value pair to identify a user.
19. The server system of claim 18, wherein the HTTP request is received by a first server in the server system within a domain; and wherein the subsequent HTTP request is received by a second server in the server system within the domain, the second server being a different server from the first server.
20. The server system of claim 17, wherein the HTTP header in the HTTP response further includes a secure attribute that specifies that the name-value pair should be returned by the client in a subsequent HTTP request only if the subsequent HTTP request is made using a secure channel.
21. The server system of claim 17, wherein the name-value pair includes a user identifier.
22. The server system of claim 17, wherein the name-value pair includes subscription information used by the server system to determine whether a user is authorized to access restricted content.
23. The server system of claim 17, wherein the name-value pair includes information used by the server system to associate a user with one or more items selected for purchase.
24. The server system of claim 17, wherein the name-value pair includes information used by the server system to determine a user's preferences.
25. The server system of claim 17, wherein the HTTP response includes HTML content.
26. A computer-implemented method performed by a hardware client system, the method comprising:
sending a first hypertext transfer protocol (HTTP) request to a server system during a first browsing session, the first browsing session corresponding to a period of time during which a browser application is running on the client system; receiving an HTTP response from the server system, wherein the HTTP response includes an HTTP header, the HTTP header specifying a “Set-Cookie:” text string and including:
a name-value pair;
a domain attribute that specifies a domain for which the name-value pair is valid,
a path attribute that specifies a range of uniform resource locators (URLs) for which the name-value pair is valid in the domain, and
an expiration attribute that specifies a valid life time for the name-value pair;
storing the name-value pair on the client system such that the name-value pair is related to at least the domain attribute and the path attribute; subsequently, determining whether the name-value pair is valid for a URL of a second HTTP request by the client system made during a second browsing session, the second browsing session corresponding to a period of time during which a browser application is running on the client system and differing from the first browsing session, wherein determining whether the name-value pair is valid comprises comparing the URL to the domain attribute and the path attribute, and determining whether the second HTTP request is made at a time within the valid life time; and when the name-value pair is determined to be valid, transmitting the name-value pair within an HTTP header in the second HTTP request according to a “Cookie: NAME=VALUE” format.
27. The method of claim 26, wherein the HTTP header in the HTTP response additionally includes a “secure” label that specifies to the client system that the name-value pair should only be transmitted over a secure communication channel.
28. The method of claim 26, further comprising, on the client system:
subsequent to storing the name-value pair on the client system, receiving a second HTTP header from the server system, the second HTTP header specifying a second name-value pair, a second domain attribute, and a second path attribute; determining whether three conditions are met: (1) a name portion of the second name-value pair matches a name portion of the stored named-value pair, (2) the second domain attribute matches the domain attribute of the stored name-value pair, and (3) the second path attribute matches the path attribute of the stored name-value pair; and when the three conditions are met, overwriting the stored name-value pair on the client system with the second name-value pair.
29. A non-transitory computer-readable medium that stores a browser program which embodies the method of claim 26.
30. The method of claim 26, further comprising:
determining whether the date specified by the expiration attribute is before a current date and deleting the name-value pair from memory when the date specified by the expiration attribute is before a current date.
31. A client system, comprising:
a processing system comprising one or more processors; a memory comprising one or more computer-readable media, the memory containing computer instructions that, when executed by the processing system, cause the client system to perform the operations of:
sending a first hypertext transfer protocol (HTTP) request to a server system during a first browsing session, the first browsing session corresponding to a period of time during which a browser application is running on the client system;
receiving, in response to the first HTTP request, an HTTP response from the server system, wherein the HTTP response includes an HTTP header that specifies a “Set-Cookie:” text string and includes:
a name-value pair;
a domain attribute that specifies a domain for which the name-value pair is valid,
a path attribute that specifies a range of uniform resource locators for which the name-value pair is valid in the domain, and
an expiration attribute that specifies a valid life time for the name-value pair;
storing, in memory, the name-value pair;
sending a second HTTP request to the server system, during a second browsing session, the second browsing session corresponding to a period of time during which a browser application is running on the client system and differing from the first browsing session, wherein the second HTTP request specifies a domain and a resource; and
including the name-value pair in an HTTP header in the second HTTP request according to a “Cookie: NAME=VALUE” format only if:
the domain specified by the second HTTP request is within the domain specified by the domain attribute,
the resource specified by the second HTTP request is within the path specified by the path attribute, and
specified by the expiration attribute.
32. The client system of claim 31, wherein the memory further includes instructions for performing the operation of:
determining whether the date specified by the expiration attribute is before a current date and deleting the name-value pair from memory when the date specified by the expiration attribute is before a current date.
33. The client system of claim 31, wherein:
the HTTP header in the HTTP response further includes a secure attribute that specifies that the name-value pair should be returned by the client system in a subsequent HTTP request only if the subsequent HTTP request is made using a secure channel; and wherein sending the second HTTP request to the server system further comprises: including the name-value pair in the HTTP header in the second HTTP request only if the second HTTP request is made using a secure channel.
34. A computer-implemented method performed by a hardware server system, comprising:
receiving, at the server system, a hypertext transfer protocol (HTTP) request from a client for an HTML document; responding to the HTTP request by transmitting an HTTP response to the client, wherein the HTTP response includes the requested HTML document and an HTTP header, the HTTP header including at least one set-cookie instruction specified by a “Set-Cookie:” text string, wherein the set-cookie instruction includes:
a name-value pair, the name-value pair specifying an assignment of a particular value to a particular name and being specified in the set-cookie instruction by a text string in a “NAME=VALUE” format, wherein the name-value pair includes information descriptive of the requested HTML document; and
attribute information, wherein the attribute information specifies criteria to enable the client to determine whether to return the name-value pair to the server system with a subsequent HTTP request and wherein the attribute information includes:
a domain attribute that specifies a domain for which the name-value pair is valid, the domain being specified in the set-cookie instruction as a text string in a “domain=DOMAIN” format;
a path attribute specifying a range of Uniform Resource Locators (URLs), in a domain of the server system, for which the name-value pair is valid, the path attribute being specified in the set-cookie instruction as a text string in a “path=PATH” format; and
an expiration attribute that specifies a valid life time for the name-value pair, the valid life time specifying the persistent storage of the name-value pair across one or more browser sessions, each browser session corresponding to a period during which a browser application is running on the client, and terminating on a specified date, the expiration attribute being specified in the set-cookie instruction as a text string in a “expires=DATE” format.
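The client-side checks recited in claims 26, 28 and 30 to 33 (store, overwrite, expire, and decide whether to return the name-value pair), as an added Python example that is not part of the patent text. The class and function names, the shop.example hosts and the date format accepted for expires=DATE are assumptions; rejecting a domain attribute that the responding host is not within is hardening the claims do not recite.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

def within(host, domain):  # host equals domain or is a subdomain of it (tail match)
    return host == domain or host.endswith("." + domain)

class CookieJar:
    """Added illustration of the claimed client steps; not a real browser's jar."""
    def __init__(self):
        self.store = {}  # (name, domain, path) -> stored state object

    def set_cookie(self, header_value, response_url):
        host = urlsplit(response_url).hostname
        first, *attrs = [p.strip() for p in header_value.split(";")]
        name, _, value = first.partition("=")
        c = {"value": value, "domain": host, "path": "/", "expires": None, "secure": False}
        for attr in attrs:
            key, _, val = attr.partition("=")
            key = key.strip().lower()
            if key == "domain":
                c["domain"] = val.strip().lstrip(".").lower()
            elif key == "path":
                c["path"] = val.strip()
            elif key == "expires":  # assumption: RFC 1123 style date string
                c["expires"] = parsedate_to_datetime(val.strip())
            elif key == "secure":
                c["secure"] = True
        if not within(host, c["domain"]):
            return False  # hardening beyond the claims: ignore foreign domains
        # Claim 28: same name, domain and path overwrites the stored pair.
        self.store[(name, c["domain"], c["path"])] = c
        return True

    def cookie_header(self, url, now):
        u = urlsplit(url)
        pairs = []
        for (name, domain, path), c in list(self.store.items()):
            if c["expires"] is not None and c["expires"] < now:
                del self.store[(name, domain, path)]  # claims 30 and 32: drop expired
            elif (within(u.hostname, domain) and (u.path or "/").startswith(path)
                    and (u.scheme == "https" or not c["secure"])):  # claims 31, 33
                pairs.append(f"{name}={c['value']}")
        return "Cookie: " + "; ".join(pairs) if pairs else None

if __name__ == "__main__":  # constructed sample header and URLs
    jar = CookieJar()
    jar.set_cookie("sid=abc; domain=shop.example; path=/cart; secure", "https://www.shop.example/cart")
    print(jar.cookie_header("https://pay.shop.example/cart/view", datetime.now(timezone.utc)))
```

The path test is a plain prefix match, which is an assumption: the claims only require the resource to be "within" the path.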