Inter-application management of user credential data
First Claim
1. A method, comprising:
providing, with a hardware computing device, at least one of two security framework configurations, wherein a first configuration utilizes a cookie and a second configuration utilizes server-side storage;
performing user authorization, with the hardware computing device, using at least one of the two security framework configurations, wherein performing the user authorizations with the cookie includes providing a cookie stored on the hardware computing device and the server-side storage includes storing developer-defined user information (DDUI), wherein the DDUI comprises at least a user identifier for on-demand database service;
wherein when using the cookie to perform user authorizations, each time a user makes a request the cookie is sent for authentication purposes to provide re-authentication with each request, wherein either the user is recognized because the cookie or a session context containing a security token was provided, or the user is not recognized and diverted to a security handshake, or a token request is utilized to obtain a session identifier, API endpoint and authentication token;
wherein when using the server-side storage, the hardware computing device is configured to not write locally to an application memory, but instead to access a shared session cache, where each of a plurality of servers are to be given access to a specific session cache; and
wherein performing the user authorizations is done through a client web application executed by a hardware computing device to allow access to an on-demand database service.
1 Assignment
0 Petitions
Abstract
A system and apparatus for enhancing the functionality and utility of an authentication process for web applications is disclosed.
144 Citations
13 Claims
7. A multi-tenant database system, comprising:
a group of hardware computing devices providing a database system to store data for each of multiple tenants;
an application server communicably coupled to the database system and to a network, the application server to provide at least one of two security framework configurations, wherein a first configuration utilizes a cookie and a second configuration utilizes server-side storage, to perform user authorization using at least one of the two security framework configurations, wherein performing the user authorizations with the cookie includes providing the cookie stored on the hardware computing device and the server-side storage includes storing developer-defined user information (DDUI), wherein the DDUI comprises at least a user identifier for the on-demand database service,
wherein when using the cookie to perform user authorizations, each time a user makes a request the cookie is sent for authentication purposes to provide re-authentication with each request, wherein either the user is recognized because the cookie or a session context containing a security token was provided, or the user is not recognized and diverted to a security handshake, or a token request is utilized to obtain a session identifier, API endpoint and authentication token, and
wherein when using the server-side storage, the hardware computing device is configured to not write locally to an application memory, but instead to access a shared session cache, where each of a plurality of servers are to be given access to a specific session cache, and
wherein performing the user authorizations is done through a client web application executed by a hardware computing device to allow access to an on-demand database service.
8. A non-transitory machine-readable medium carrying one or more sequences of instructions for implementing a method for providing an interface for object relationships, comprising:
performing user authorization, with the hardware computing device, using at least one of the two security framework configurations, wherein performing the user authorizations with the cookie includes providing a cookie stored on the hardware computing device and the server-side storage includes storing developer-defined user information (DDUI), wherein the DDUI comprises at least a user identifier for on-demand database service;
wherein when using the cookie to perform user authorizations, each time a user makes a request the cookie is sent for authentication purposes to provide re-authentication with each request, wherein either the user is recognized because the cookie or a session context containing a security token was provided, or the user is not recognized and diverted to a security handshake, or a token request is utilized to obtain a session identifier, API endpoint and authentication token;
wherein when using the server-side storage, the hardware computing device is configured to not write locally to an application memory, but instead to access a shared session cache, where each of a plurality of servers are to be given access to a specific session cache; and
wherein performing the user authorizations is done through a client web application executed by a hardware computing device to allow access to an on-demand database service.
Specification