FrOSCon Program

Talk: SSDS - Secure Session Data Storage

26 August 2012
HS3
Language: en
Security

Abstract

SSDS is a novel security concept for protecting HTTP session data on the web/application server. It encrypts the stored session data to secure it against unauthorized access. The HTTP Session-ID is used as the encryption key for the stored session data, so the session data can only be accessed while an HTTP request is being processed, because the Session-ID is unknown to the web server except during the HTTP request. The talk explains the cryptographic concepts of SSDS and presents the reference implementation of SSDS for PHP.
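
The idea in the abstract, as an added PHP example (not the SSDS reference implementation, whose details the abstract does not give): the stored record is encrypted under a key derived from the Session-ID and filed under a one-way index derived from the same ID, so the store alone yields neither the ID nor the data. The HKDF labels, the libsodium secretbox cipher, the in-memory `$store` and the `ssds_*` function names are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the SSDS reference implementation.
// Assumed: HKDF labels, libsodium secretbox, and the ssds_* names.

function ssds_derive(string $sid, string $label): string {
    // Separate one-way derivations from the Session-ID for index and key.
    return hash_hkdf('sha256', $sid, SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $label);
}

function ssds_index(string $sid): string {
    // Storage index: the store never holds the Session-ID itself.
    return bin2hex(ssds_derive($sid, 'ssds-demo-index'));
}

function ssds_write(array &$store, string $sid, array $data): void {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $json  = json_encode($data, JSON_THROW_ON_ERROR);
    $box   = sodium_crypto_secretbox($json, $nonce, ssds_derive($sid, 'ssds-demo-key'));
    $store[ssds_index($sid)] = $nonce . $box;
}

function ssds_read(array $store, string $sid): ?array {
    $record = $store[ssds_index($sid)] ?? null;
    if ($record === null) {
        return null; // no record for this Session-ID
    }
    $nonce = substr($record, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($record, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, ssds_derive($sid, 'ssds-demo-key'));
    // false means the key (and therefore the Session-ID) does not match the record.
    return $plain === false ? null : json_decode($plain, true, 512, JSON_THROW_ON_ERROR);
}

$store = [];                        // constructed in-memory stand-in for the session store
$sid   = bin2hex(random_bytes(16)); // constructed Session-ID, normally sent by the client
ssds_write($store, $sid, ['user' => 'alice', 'role' => 'admin']);

// During a request the client supplies the Session-ID, so the record decrypts.
var_dump(ssds_read($store, $sid));

// A record copied under another Session-ID's index fails authentication.
$other = bin2hex(random_bytes(16));
$store[ssds_index($other)] = $store[ssds_index($sid)];
var_dump(ssds_read($store, $other));
```

The example needs PHP 7.2 or later with the sodium extension, and it relies on the Session-ID being long and random enough to serve as key material.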