Methods and apparatuses in a client terminal (400) and a web server (402) for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context specific key, Ks_NAF', based on one or more context parameters, P1,...Pn, pertaining to said session and/or web page. The terminal then indicates the context specific key in a login request to the server, and the server determines a context specific key, Ks_NAF', in the same manner to verify the client if the context specific key determined in the web server matches the context specific key received from the client terminal. The context specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.