An example method may include receiving, at a session key service, a first session key and a first public key of a client device to be authenticated to a web server. The first session key being encrypted by the client device using a second public key of the web server. The web server is a subscriber of the session key service hosted in a cloud-based environment. The method may also include decrypting, using a first private key of the web server, the first session key to obtain a plaintext session key, encrypting the plaintext session key using the first public key of the client device to generate a second session key, and sending the second session key to the web server to facilitate a decryption of the second session key by the client device for an authentication of the client device to the web server.