Binding digitally signed requests to sessions

What is claimed is: 1. A computer-implemented method, comprising: establishing a cryptographically protected communications session; after the cryptographically protected communications session is established, receiving, from a client over the cryptographically protected communications session, a request and a digital signature, the request including a parameter specific to a cryptographically protected communications session over which the request was submitted; determining whether the cryptographically protected communications session is the same as the cryptographically protected communications session over which the request was submitted by at least: determining information specific to the cryptographically protected communications session; determining whether the information specific to the cryptographically protected communications session matches the parameter specific to the cryptographically protected communications session over which the request was submitted; accessing a cryptographic key registered prior to establishment of the cryptographically protected communications session and in association with the client; and determining, based at least in part on the request and the cryptographic key, whether the digital signature is valid; and as a result of both the digital signature being valid and the information specific to the cryptographically protected communications session matching the parameter specific to the cryptographically protected communications session over which the request was submitted: generating a response to the request; using the cryptographic key to generate a digital signature of the response; and transmitting the generated response and the generated digital signature to the client over the cryptographically protected communications session. 2. The computer-implemented method of claim 1 , wherein the information specific to the cryptographically protected communications session is based at least in part on a secret negotiated as part of a handshake process to establish the cryptographically protected communications session. 3. The computer-implemented method of claim 2 , wherein determining whether the information specific to the cryptographically protected communications session matches the parameter specific to the cryptographically protected communications session over which the request was submitted comprises deriving a reference parameter specific to the cryptographically protected communications session from the secret. 4. The computer-implemented method of claim 1 , wherein the cryptographically protected communications session is a transport layer security session. 5. A system, comprising at least one computing device configured to implement one or more services, the one or more services configured to: receive, over an established cryptographically protected communications session, a digital signature and a request associated with a client; obtain, prior to establishment of the established cryptographically protected communications session, a cryptographic key associated with the client; perform, based at least in part on the request, the cryptographic key, and the digital signature, a verification of whether the request was transmitted from the client to the system over the established cryptographically protected communications session; and perform one or more mitigating actions if the verification results in the request being transmitted from the client to the system over the established cryptographically protected communications session being unverified. 6. The system of claim 5 , wherein: the one or more services are further configured to determine information specific to the established cryptographically protected communications session; and the verification includes determining whether the determined information specific to the established cryptographically protected communications session matches a parameter in the request. 7. The system of claim 6 , wherein the verification further comprises determining, based at least in part on the cryptographic key and the request, whether the digital signature is valid. 8. The system of claim 5 , wherein the cryptographic key is shared as a secret between the client and the system prior to establishment of the established cryptographically protected communications session. 9. The system of claim 5 , wherein the verification includes determining whether information resulting from a handshake process for establishing the established cryptographically protected communications session matches a parameter in the request. 10. The system of claim 5 , wherein the one or more services are further configured such that successful verification that the request was transmitted from the client to the system over the established cryptographically protected communications session and successful verification of the digital signature are prerequisites for fulfilling the request. 11. The system of claim 5 , wherein the one or more services are further configured to: if determined that the digital signature is valid and that the request was transmitted from the client to the system over the established cryptographically protected communications session: determine a response to the request; and digitally sign the response to the request using a cryptographic key that is independent of the established cryptographically protected communications session. 12. The system of claim 11 , wherein: the cryptographic key that is associated with the client and the cryptographic key that is registered to the client independent of the established cryptographically protected communications session are a same symmetric cryptographic key. 13. The system of claim 5 , wherein the one or more mitigating actions include digitally signing a denial of the request using a cryptographic key that is independent of the established cryptographically protected communications session. 14. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least: establish a cryptographically protected communications session; after establishment of the cryptographically protected communications session, determine information usable to distinguish the established cryptographically protected communications session from other cryptographically protected communications session; digitally sign a request that includes the determined information using a cryptographic key obtained prior to establishment of the cryptographically protected communications session, thereby generating a digital signature; and transmit the request and the digital signature over the cryptographically protected communications session. 15. The non-transitory computer-readable storage medium of claim 14 , wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to: receive a response to the request and a digital signature; verify the digital signature using the cryptographic key; and process the received response dependent on whether the digital signature is verified as valid. 16. The non-transitory computer-readable storage medium of claim 14 , wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to: determine information specific to the request; generate the request to include the determined information specific to the request; and verify, based at least in part on the deter