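@comment{
  Internet-Draft, revision 06, dated 2012-02-19 and marked "Work in Progress".
  Internet-Drafts are not standards and expire after six months, so check the
  datatracker URL in this entry for the document's current status before
  treating it as guidance. Per the abstract, the memo addresses protection of
  HTTP session state (URL parameters, cookies) where TLS is not employed.
  Entry cleanup: one field per line, authors in "Last, First" form, and only
  the acronym in the title brace-protected so styles can apply their casing.
}
@techreport{salgueiro-secure-state-management-06,
  author      = {Salgueiro, Gonzalo and Jones, Paul},
  title       = {Securing {HTTP} State Management Information},
  type        = {Internet-Draft},
  number      = {draft-salgueiro-secure-state-management-06},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2012,
  month       = feb,
  day         = 19,
  pagetotal   = 18,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-salgueiro-secure-state-management/06/},
  abstract    = {Virtually every application on the web today that allows a user to log in or manipulate information stored on a server maintains some form of state management information. Usually, the session context is established through the use of a Uniform Resource Locator (URL) parameter or a Hypertext Transfer Protocol (HTTP) cookie that identifies the session. Without the use of Transport Layer Security (TLS), such an information exchange introduces a security risk. For a variety of reasons, TLS may not be desired or preferred in all situations and, in those cases, users are left vulnerable. This memo provides a simple method for enabling secure exchange of state management information through HTTP in situations where TLS is not employed.},
}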