Global unified session identifier across multiple data centers
First Claim
1. A method of organizing sessions using a global session identifier across a plurality of data centers, the method comprising:
receiving, at a first data center, a request for a resource from a client device;
creating, by a computer system of the first data center, a first session associated with a user of the client device at the first data center, the first session comprising at least an authentication state of the first user with respect to the resource;
generating, by the computer system of the first data center, a first session identifier identifying the first session associated with the user;
receiving, by the computer system of the first data center, a second session identifier from a second data center, the second session identifier identifying a second session associated with the user at the second data center, the second session comprising at least an authentication state of the user with respect to one or more resources associated with the second data center, wherein the second data center is different from the first data center;
in response to receiving the second session identifier from the second data center, assigning, by the computer system of the first data center, the second session identifier as a global session identifier, the global session identifier being associated with any session that is associated with the user, wherein execution of one or more session actions that reference the global session identifier is performed at the first data center to the first session and at the second data center to the second session; and
based on assigning the second session identifier as the global session identifier, mapping the first session identifier to the global session identifier to associate the first session with the global session identifier.
Abstract
Systems and methods are disclosed for using a global unified session identifier across data centers. When a user first accesses a data center and an initial session is created for the user in the data center, a session identifier is generated for the user session. Because the initial session is the first session created for that user, the initial session identifier is designated as the global unified session identifier for all sessions that may be created for the user in other data centers within the enterprise network. Other data centers may then map the global unified session identifiers to locally generated session identifiers for the user. Using a global unified session identifier enables various user session actions to be performed globally across the data centers, including global logout, global session termination, global session updates, and/or the like. Using a global unified session identifier also prevents the risk of collision that can occur between randomly generated numbers of different data centers.
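The mapping and global logout described in the abstract, as an added Python example that is not taken from the patent. The `DataCenter` class, its method names and the in-memory dictionaries are assumptions made for illustration.

```python
import secrets

class DataCenter:
    """In-memory model of one data center's session store (hypothetical names)."""

    def __init__(self, name):
        self.name = name
        self.sessions = {}          # local session id -> session state
        self.local_to_global = {}   # local session id -> global session id

    def create_session(self, user, global_id=None):
        """Create a local session; without a global_id this is the user's
        initial session, so its own identifier is designated as global."""
        local_id = secrets.token_urlsafe(32)
        self.sessions[local_id] = {"user": user, "authenticated": True}
        self.local_to_global[local_id] = global_id or local_id
        return local_id, self.local_to_global[local_id]

    def is_authenticated(self, local_id):
        session = self.sessions.get(local_id)
        return bool(session and session["authenticated"])

    def terminate_by_global_id(self, global_id):
        """Remove every local session mapped to global_id; return the count."""
        doomed = [l for l, g in self.local_to_global.items() if g == global_id]
        for local_id in doomed:
            del self.sessions[local_id]
            del self.local_to_global[local_id]
        return len(doomed)

def global_logout(data_centers, global_id):
    """Apply one session action, referenced by global id, at every data center."""
    return {dc.name: dc.terminate_by_global_id(global_id) for dc in data_centers}

def demo():
    dc1, dc2 = DataCenter("dc1"), DataCenter("dc2")
    sid1, gid = dc1.create_session("alice")                  # initial session
    sid2, gid2 = dc2.create_session("alice", global_id=gid)  # mapped at dc2
    bob_sid, bob_gid = dc2.create_session("bob")             # unrelated user
    removed = global_logout([dc1, dc2], gid)
    return {
        "same_global": gid == gid2 == sid1 and sid2 != gid,
        "removed": removed,
        "alice_live": dc1.is_authenticated(sid1) or dc2.is_authenticated(sid2),
        "bob_live": dc2.is_authenticated(bob_sid),
        "repeat": global_logout([dc1, dc2], gid),
    }

if __name__ == "__main__":
    print(demo())
```

The second data center keeps its own locally generated identifier and only records the mapping, so a logout that references the global identifier removes the user's sessions in both stores while leaving other users' sessions untouched.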
20 Claims
1. A method of organizing sessions using a global session identifier across a plurality of data centers, the method comprising:
receiving, at a first data center, a request for a resource from a client device;
creating, by a computer system of the first data center, a first session associated with a user of the client device at the first data center, the first session comprising at least an authentication state of the first user with respect to the resource;
generating, by the computer system of the first data center, a first session identifier identifying the first session associated with the user;
receiving, by the computer system of the first data center, a second session identifier from a second data center, the second session identifier identifying a second session associated with the user at the second data center, the second session comprising at least an authentication state of the user with respect to one or more resources associated with the second data center, wherein the second data center is different from the first data center;
in response to receiving the second session identifier from the second data center, assigning, by the computer system of the first data center, the second session identifier as a global session identifier, the global session identifier being associated with any session that is associated with the user, wherein execution of one or more session actions that reference the global session identifier is performed at the first data center to the first session and at the second data center to the second session; and
based on assigning the second session identifier as the global session identifier, mapping the first session identifier to the global session identifier to associate the first session with the global session identifier.
Dependent claims: 2, 3, 4, 5, 6, 18, 19, 20
7. A system of a first data center, comprising:
a memory storing a plurality of instructions; and
one or more processors that, upon executing the plurality of instructions, are configured to:
receive a request for a resource from a client device;
create a first session associated with a user of the client device at the first data center, the first session comprising at least an authentication state of the user with respect to the resource;
generate a first session identifier identifying the first session associated with the user;
receive a second session identifier from a second data center, the second session identifier identifying a second session associated with the user at the second data center, the second session comprising at least an authentication state of the user with respect to one or more resources associated with the second data center, wherein the second data center is different from the first data center; and
in response to receiving the second session identifier from the second data center, assign the second session identifier as a global session identifier, the global session identifier being associated with any session that is associated with the user, wherein execution of one or more session actions that reference the global session identifier is performed at the first data center to the first session and at the second data center to the second session.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A non-transitory computer-readable medium storing a plurality of instructions executable by one or more processors of a first data center to cause the one or more processors to:
receive a request for a resource from a client device;
create a first session associated with a user of the client device at the first data center, the first session comprising at least an authentication state of the user with respect to the resource;
generate a first session identifier identifying the first session associated with the user;
receive a second session identifier from a second data center, the second session identifier identifying a second session of the user at the second data center, the second session comprising at least an authentication state of the user with respect to one or more resources associated with the second data center, wherein the second data center is different from the first data center; and
in response to receiving the second session identifier from the second data center, assign the second session identifier as a global session identifier, the global session identifier being associated with any session that is associated with the user, wherein execution of one or more session actions that reference the global session identifier is performed at the first data center to the first session and at the second data center to the second session.
Dependent claims: 15, 16, 17
Specification