Apparatus and method for providing global session persistence
First Claim
1. A method for sharing data between first and second software applications during a user session, the method comprising the steps of:
- a user providing authorization data to the first software application;
the first software application storing the authorization data in a trusted section of the global data cache, the first software application storing application data in at least one of a protected section and an unprotected section of the global data cache;
the second software application requesting verification that the user is authorized to access the second software application;
reading the authorization data from the trusted area of the global data cache;
determining from the read authorization data whether the user is authorized to access the second software application;
if the user is authorized to access the second software application, allowing the user to access the second software application;
if the user is not authorized to access the data in the global data cache, denying the user access to the second software application; and
invalidating the data in the global data cache corresponding to the user session after the user session terminates.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus and method provide persistent data during a user session on a networked computer system. A global data cache is divided into three sections: trusted, protected, and unprotected. An authorization mechanism stores and retrieves authorization data from the trusted section of the global data store. A common session manager stores and retrieves data from the protected and unprotected sections of the global data cache. Using the authorization mechanism, software applications may verify that a user is authorized without prompting the user for authorization information. Using the common session manager, software applications may store and retrieve data to and from the global data store, allowing the sharing of data during a user session. After the user session terminates, the data in the global data cache corresponding to the user session is invalidated.
19 Citations
3 Claims
-
1. A method for sharing data between first and second software applications during a user session, the method comprising the steps of:
-
a user providing authorization data to the first software application; the first software application storing the authorization data in a trusted section of the global data cache, the first software application storing application data in at least one of a protected section and an unprotected section of the global data cache; the second software application requesting verification that the user is authorized to access the second software application; reading the authorization data from the trusted area of the global data cache; determining from the read authorization data whether the user is authorized to access the second software application; if the user is authorized to access the second software application, allowing the user to access the second software application; if the user is not authorized to access the data in the global data cache, denying the user access to the second software application; and invalidating the data in the global data cache corresponding to the user session after the user session terminates. - View Dependent Claims (2, 3)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsCasazza, James
-
Primary Examiner(s)Sparks; Doanld
-
Assistant Examiner(s)BRADLEY, MATTHEW A
-
Application NumberUS10/231,678Publication NumberTime in Patent Office2,112 DaysField of Search345/733, 345/741, 345/557, 707/9, 709/213, 709/312, 711/126, 711/129, 711/130, 711/133, 711/134, 711/135, 711/156, 711/163, 711/166, 713/151, 713/153, 713/166, 713/182, 713/200US Class Current711/129CPC Class CodesG06F 12/0891 using clearing, invalidatin...G06F 12/1466 Key-lock mechanismG06F 21/62 Protecting access to data v...G06F 21/78 to assure secure storage of...H04L 63/0815 providing single-sign-on or...H04L 67/5682 Policies or rules for updat...Y10S 707/99939 Privileged access
