US2022198007A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2022198007-A1 |
| Application number | US-202017126867-A |
| Country | US |
| Kind code | A1 |
| Filing date | Dec 18, 2020 |
| Priority date | Dec 18, 2020 |
| Publication date | Jun 23, 2022 |
| Grant date | — |
Official abstract text for this publication.
Described embodiments provide systems and methods for validating a request to access a resource. A device can receive a first request from the client that includes a first resource of the server. The device may add the first resource to an accessed-resource list of a session between the client and the server. The device may receive a response from the server to the first request that includes a second resource. The device may incorporate a mapping between an indication of the second resource and the first resource, to a shared data structure. The device within the session may receive a second request that includes a third resource of the server. The device may determine to allow the server to receive the second request when an indication of the third resource is mapped to at least one resource in the shared data structure that is present in the accessed-resource list.
Opening claim text (preview).
We claim:

1. A method comprising: receiving, by device intermediary between a client and a server, a first request from the client that includes a first resource of the server; adding, by the device, the first resource to an accessed-resource list of a session between the client and the server; receiving, by the device, a response from the server to the first request, that includes a second resource; incorporating, by the device, a mapping between an indication of the second resource and the first resource, to a shared data structure; receiving, by the device within the session, a second request that includes a third resource of the server; and determining, by the device, to allow the server to receive the second request when an indication of the third resource is mapped to at least one resource in the shared data structure that is present in the accessed-resource list.
2. The method of claim 1, comprising: determining, by the device, to prevent the server from receiving the second request when the at least one resource is absent in at least one of: the shared data structure or the accessed-resource list.
3. The method of claim 1, comprising: determining, by the device, that the second request is malicious or potentially malicious when the at least one resource is absent in at least one of: the shared data structure or the accessed-resource list.
4. The method of claim 1, comprising: establishing, by the device, a session identifier for the session; and communicating, by the device to the client, the response including a set-cookie command with the session identifier.
5. The method of claim 4, comprising: receiving, by the device, the second request, the second request including a cookie with the session identifier; and accessing, by the device, the accessed-resource list of the session according to the session identifier.
6. The method of claim 5, comprising: determining, by the device, the session identifier from the second request; and validating, by the device, the session identifier determined from the second request.
7. The method of claim 1, wherein the shared data structure includes one-to-many mappings between resources associated with a plurality of sessions.
8. The method of claim 1, comprising: parsing, by the device, the first resource from the first request; and communicating, by the device, the first request to the server after parsing the first resource from the first request.
9. The method of claim 1, comprising: adding, by the device, the third resource to the accessed-resource list of the session between the client and the server; receiving, by the device, a response from the server to the second request, that includes a fourth resource; and incorporating, by the device, a mapping between an indication of the fourth resource and the third resource, to the shared data structure.
10. A device, comprising: at least one processor configured to: receive a first request from a client that includes a first resource of a server; add the first resource to an accessed-resource list of a session between the client and the server; receive a response from the server to the first request, that includes a second resource; incorporate a mapping between an indication of the second resource and the first resource, to a shared data structure; receive a second request that includes a third resource of the server within the session; and determine to allow the server to receive the second request when an indication of the third resource is mapped to at least one resource in the shared data structure that is present in the accessed-resource list.
11. The device of claim 10, wherein the at least one processor is configured to: determine to prevent the server from receiving the second request when the at least one resource is absent in at least one of: the shared data structure or the accessed-resource list.
12. The device of claim 10, wherein the at least one processor is configured to: determine that the second request is malicious or potentially malicious when the at least one resource is absent in at least one of: the shared data structure or the accessed-resource list.
13. The device of claim 10, wherein the at least one processor is configured to: establish a session identifier for the session; and communicate the response including a set-cookie command with the session identifier to the client.
14. The device of claim 13, wherein the at least one processor is configured to: receive the second request, the second request including a cookie with the session identifier; and access the accessed-resource list of the session according to the session identifier.
15. The device of claim 14, wherein the at least one processor is configured to: determine the session identifier from the second request; and validate the session identifier determined from the second request.
16. The device of claim 10, wherein the shared data structure includes one-to-many mappings between resources associated with a plurality of sessions.
17. The device of claim 10, wherein the at least one processor is configured to: parse the first resource from the first request; and communicate the first request to the server after parsing the first resource from the first request.
18. The device of claim 10, wherein the at least one processor is configured to: add the third resource to the accessed-resource list of the session between the client and the server; receive a response from the server to the second request, that includes a fourth resource; and incorporate a mapping between an indication of the fourth resource and the third resource, to the shared data structure.
19. A non-transitory computer readable medium storing program instructions for causing at least one processor of a device to: receive a first request from a client that includes a first resource of a server; add the first resource to an accessed-resource list of a session between the client and the server; receive a response from the server to the first request, that includes a second resource; incorporate a mapping between an indication of the second resource and the first resource, to a shared data structure; receive a second request that includes a third resource of the server within the session; and determine to allow the server to receive the second request when an indication of the third resource is mapped to at least one resource in the shared data structure that is present in the accessed-resource list.
20. The non-transitory computer readable medium of claim 19, wherein the program instructions cause the at least one processor to: establish a session identifier for the session; and communicate the response including a set-cookie command with the session identifier to the client.
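The allow/deny decision of claims 1, 2 and 7, sketched as an added example; this is not code from the patent or its applicant. Assumptions: the "indication" of a resource is its URL path, responses are HTML, the session identifier of claims 4 to 6 has already been validated, and a hypothetical `entry_points` set admits the first request of a session, which the claims do not specify.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkParser(HTMLParser):
    """Collects href/src/action targets found in a response body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src", "action") and v]

class RequestValidator:
    def __init__(self, entry_points):
        self.entry_points = set(entry_points)  # assumption: reachable with no prior mapping
        self.parents = defaultdict(set)        # shared across sessions: resource -> resources that linked to it
        self.accessed = defaultdict(set)       # per session: accessed-resource list

    def allow(self, session_id, resource):
        """Allow when the resource maps to a parent this session already accessed."""
        seen = self.accessed[session_id]
        ok = resource in self.entry_points or bool(self.parents.get(resource, set()) & seen)
        if ok:
            seen.add(resource)  # only forwarded requests extend the list
        return ok

    def learn(self, resource, body):
        """Map each same-site resource in the response back to the requested one."""
        parser = LinkParser()
        parser.feed(body)
        for link in parser.links:
            target = urlsplit(urljoin(resource, link))
            if not target.netloc:  # external hosts are not resources of this server
                self.parents[target.path].add(resource)

def demo():
    # Constructed traffic: two sessions against the same server.
    v = RequestValidator(entry_points={"/"})
    out = [v.allow("s1", "/")]
    v.learn("/", '<a href="/login">Sign in</a><script src="https://cdn.example/x.js"></script>')
    out.append(v.allow("s1", "/login"))
    v.learn("/login", '<form action="account"></form>')
    out.append(v.allow("s1", "/account"))       # mapped to /login, which s1 accessed
    out.append(v.allow("s2", "/account"))       # mapping exists, but s2 never accessed /login
    out.append(v.allow("s1", "/admin/export"))  # no mapping at all
    return out

if __name__ == "__main__":
    print(demo())
```

The `s2` case shows why the check needs both structures: the mapping is shared across sessions, but the parent must also appear in that session's own accessed-resource list.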
involving event detection and direct action · CPC title
Access control lists [ACL] · CPC title
Event detection, e.g. attack signature detection · CPC title
Browsing optimisation, e.g. caching or content distillation · CPC title
Computer malware detection or handling, e.g. anti-virus arrangements · CPC title