System and method for managing user session meta-data in a reverse proxy

US 20060026286A1
Filed: 07/06/2004
Published: 02/02/2006
Est. Priority Date: 07/06/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method of managing user session data in a reverse proxy located between an origin server and one or more users, the method comprising at the reverse proxy:

detecting a login to the origin server by a user;

retrieving user session meta-data from one or more communications exchanged between the user and the origin server, said meta-data including;

a user identifier configured to identify the user; and

a session identifier configured to identify a user session established for the user on the origin server; and

detecting a termination of the user session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for detecting and managing user session meta-data at a reverse proxy server. The reverse proxy server is logically located between one or more origin servers and any number of users. The reverse proxy server detects the establishment and tearing down of a user session, and any expiration associated with the user session. The reverse proxy server identifies the creation of a session from the pattern and/or content of communications between a user and an origin server, and associates the user (e.g., by username or user ID) with the session (e.g., session ID or cookie). A user session table may be populated with an entry for each observed session. Tear down of a session may be detected by identifying an explicit user logout or a session termination by the origin server.

Citations

28 Claims

1. A computer-implemented method of managing user session data in a reverse proxy located between an origin server and one or more users, the method comprising at the reverse proxy:
- detecting a login to the origin server by a user;
  
  retrieving user session meta-data from one or more communications exchanged between the user and the origin server, said meta-data including;
  
  a user identifier configured to identify the user; and
  
  a session identifier configured to identify a user session established for the user on the origin server; and
  
  detecting a termination of the user session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - recording said meta-data at the reverse proxy.
  - 3. The method of claim 2, wherein said meta-data further comprises:
    - an expiration associated with the user session.
  - 4. The method of claim 1, further comprising:
    - detecting an expiration associated with the user session.
  - 5. The method of claim 4, further comprising:
    - intercepting one or more communications directed from the user to the origin server; and
      
      prior to the expiration, notifying the origin server that the user session is active.
  - 6. The method of claim 5, wherein said notifying comprises:
    - forwarding to the origin server a communication from the user.
  - 7. The method of claim 6, wherein the reverse proxy is configured to intercept the communication, but forwards the communication to the origin server to prevent application of the expiration.
  - 8. The method of claim 6, wherein said forwarding comprises:
    - identifying the origin server as the origin server maintaining server-side state information for the user session.
  - 9. The method of claim 1, further comprising:
    - assigning an expiration to the session.
  - 10. The method of claim 1, wherein said detecting a login comprises:
    - detecting a communication from the user toward the origin server that matches a pattern of a login request.
  - 11. The method of claim 1, wherein said pattern comprises a predetermined URL (Uniform Resource Locator).
  - 12. The method of claim 1, wherein said detecting a login comprises:
    - detecting a communication from the origin server toward the user that matches a pattern of a response to a successful login.
  - 13. The method of claim 1, wherein said detecting a login comprises:
    - detecting a login communication transmitted from the user toward the origin server; and
      
      detecting a response to the login communication transmitted from the origin server toward the user.
  - 14. The method of claim 13, wherein said retrieving comprises:
    - retrieving the user identifier from the login communication; and
      
      retrieving the session identifier from the response to the login communication.

15. A computer readable medium storing instructions that, when executed by a computer, cause the computer to perform a method of managing user session data in a reverse proxy located between an origin server and one or more users, the method comprising at the reverse proxy:
- detecting a login to the origin server by a user;
  
  retrieving user session meta-data from one or more communications exchanged between the user and the origin server, said meta-data including;
  
  a user identifier configured to identify the user; and
  
  a session identifier configured to identify a user session established for the user on the origin server; and
  
  detecting a termination of the user session.

16. A computer-implemented method of managing user session data at a reverse proxy, the method comprising:
- storing, on the reverse proxy, user session meta-data corresponding to a first user session established on a first origin server for a first user;
  
  caching a first data object on the reverse proxy;
  
  caching access control information associated with the first data object;
  
  receiving a first request for the first data object;
  
  associating the first request with the first user by said user session meta-data; and
  
  applying said access control information to determine whether to serve the first data object to the first user in response to the first request.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, further comprising, prior to said storing user session meta-data:
    - extracting said user session meta-data from one or more communications directed between the first user and the first origin server.
  - 18. The method of claim 17, further comprising, prior to said extracting said user session meta-data:
    - analyzing the one or more communications to determine if;
      
      the one or more communications match a predetermined pattern;
      
      or content from the one or more communications matches a predetermined pattern.
  - 19. The method of claim 16, further comprising, prior to said storing user session meta-data:
    - receiving said user session meta-data from the first origin server.
  - 20. The method of claim 16, further comprising:
    - receiving notification that said access control information is invalid; and
      
      invalidating said cached access control information.
  - 21. The method of claim 16, further comprising:
    - identifying an origin server as the origin server maintaining server-side state information regarding the first user session; and
      
      forwarding the first request to the identified origin server.

22. A computer readable medium storing instructions that, when executed by a computer, cause the computer to perform a method of managing user session data at a reverse proxy, the method comprising:
- storing, on the reverse proxy, user session meta-data corresponding to a first user session established on a first origin server for a first user;
  
  caching a first data object on the reverse proxy;
  
  caching access control information associated with the first data object;
  
  receiving a first request for the first data object;
  
  associating the first request with the first user by said user session meta-data; and
  
  applying said access control information to determine whether to serve the first data object to the first user in response to the first request.

23. A reverse proxy server configured to manage user session data, comprising:
- a user session table configured to store meta-data for a user session on an origin server, said meta-data including;
  
  a user identifier configured to identify a user having the user session; and
  
  a session identifier configured to identify the user session; and
  
  a user session management module configured to;
  
  retrieve the user identifier and the session identifier from one or more communications between the user and the origin server; and
  
  maintain said user session table.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The reverse proxy server of claim 23, further comprising:
    - a traffic analyzer configured to monitor communications between the origin server and the user.
  - 25. The reverse proxy server of claim 23, further comprising:
    - a traffic analyzer configured to analyze communications between the origin server and the user to detect one or more of;
      
      establishment of the user session;
      
      an expiration time associated with the user session; and
      
      tear-down of the user session.
  - 26. The reverse proxy server of claim 23, further comprising:
    - a traffic analyzer configured to analyze communications between the origin server and the user to detect one or more of;
      
      a login, from the user toward the origin server;
      
      a response to a successful login, from the origin server toward the user;
      
      a logout, from the user toward the origin server; and
      
      a session termination, from the origin server toward the user.
  - 27. The reverse proxy server of claim 23, wherein said meta-data stored in said user session table further includes:
    - an expiration time associated with the user session.
  - 28. The reverse proxy server of claim 23, wherein the user session management module is configured to ensure that the origin server is notified that the user session is active prior to an expiration associated with the user session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Lei, Ming, Desai, Ajay, Jacobs, Lawrence, Goell, Fredric

Application Number

US10/885,300
Publication Number

US 20060026286A1
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

G06F 12/0813   with a network or matrix co...

G06F 12/0875   with dedicated cache, e.g. ...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 67/14   Session management for real...

H04L 67/142   Managing session states for...

H04L 67/145   avoiding end of session, e....

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

H04L 67/568   Storing data temporarily at...

System and method for managing user session meta-data in a reverse proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing user session meta-data in a reverse proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links