Enabling different client contexts to share session information

US 9,578,111 B2
Filed: 06/08/2012
Issued: 02/21/2017
Est. Priority Date: 06/08/2012
Status: Active Grant

First Claim

Patent Images

1. A method for sharing pre-existing session information, the session information representing a session having been established upon authentication of a client to a server in a first client context, the client having a cookie store storing information accessible across multiple client contexts, wherein a context is a client-server operating state with respect to a particular client application, comprising:

receiving a request for a temporary and persistent cookie, the request having been issued by the client in association with a prospective switch from the first client context to a second client context;

in response to the request, associating a unique temporary session identifier with the temporary and persistent cookie, the unique temporary session identifier being distinct from the pre-existing session information that was established upon authentication of the client to the server in the first context;

binding the unique temporary session identifier to the pre-existing session information and the session;

returning to the client, for storage in the cookie store, the temporary and persistent cookie that includes the unique temporary session identifier;

upon a subsequent receipt of the temporary and persistent cookie following an actual switch from the first context to the second context, using the unique temporary session identifier therein to retrieve the pre-existing session information for use by the client in the second context;

upon validating existence of the session represented by the session information, providing the client the session information so that both the first and second client contexts share the session information, the session information provided in a non-persistent cookie; and

in addition to providing the session information in the non-persistent cookie, providing the client an empty temporary session cookie that, upon receipt at the client, clears the temporary and persistent cookie from the cookie store.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The problem of sharing session information across client contexts is addressed by binding initial session information to a persistent, short-lived and one-time use temporary identifier. This identifier is persisted on a client side (e.g., through a cookie jar) that is shared among the different client contexts that can share the original session. This temporary identifier, in turn, allows one or more other sessions to use the original session information by acting as an index into that session information, which is stored on the server side. Preferably, this temporary identifier contains a unique identifier (ID) that is generated as a sufficiently-complex random number. A mapping back to the real session identifier is maintained on the server side for this short-lived ID.

Citations

21 Claims

1. A method for sharing pre-existing session information, the session information representing a session having been established upon authentication of a client to a server in a first client context, the client having a cookie store storing information accessible across multiple client contexts, wherein a context is a client-server operating state with respect to a particular client application, comprising:
- receiving a request for a temporary and persistent cookie, the request having been issued by the client in association with a prospective switch from the first client context to a second client context;
  
  in response to the request, associating a unique temporary session identifier with the temporary and persistent cookie, the unique temporary session identifier being distinct from the pre-existing session information that was established upon authentication of the client to the server in the first context;
  
  binding the unique temporary session identifier to the pre-existing session information and the session;
  
  returning to the client, for storage in the cookie store, the temporary and persistent cookie that includes the unique temporary session identifier;
  
  upon a subsequent receipt of the temporary and persistent cookie following an actual switch from the first context to the second context, using the unique temporary session identifier therein to retrieve the pre-existing session information for use by the client in the second context;
  
  upon validating existence of the session represented by the session information, providing the client the session information so that both the first and second client contexts share the session information, the session information provided in a non-persistent cookie; and
  
  in addition to providing the session information in the non-persistent cookie, providing the client an empty temporary session cookie that, upon receipt at the client, clears the temporary and persistent cookie from the cookie store.
- View Dependent Claims (2, 3, 4, 5, 6, 19)
- - 2. The method as described in claim 1 wherein validating existence of the session includes:
    - determining when the session identified by the session information has expired,when the session identified by the session information has not expired, de-associating the unique temporary session identifier and the session information.
  - 3. The method as described in claim 1 wherein the session information is sent to the client in a non-persistent cookie.
  - 4. The method as described in claim 1 wherein the unique temporary session identifier is a random number.
  - 5. The method as described in claim 1 wherein the temporary and persistent cookie is a one-time use cookie.
  - 6. The method as described in claim 1 wherein the temporary and persistent cookie has a lifetime that is less than a lifetime of the session information.
  - 19. The method as described in claim 1 wherein the unique temporary session identifier is maintained in a mapping table of unique temporary session identifiers, the mapping table being distinct from a data store that stores the session information, and wherein the method further includes executing a clean-up of the mapping table of unique temporary session identifiers to remove expired or used entries.

7. Apparatus, comprising:
- a processor;
  
  a data store;
  
  computer memory holding computer program instructions executed by the processor for sharing pre-existing session information, the session information representing a session having been established upon authentication of a client to a server in a first client context, the client having a cookie store storing information accessible across multiple client contexts, wherein a context is a client-server operating state with respect to a particular client application, by;
  
  receiving a request for a temporary and persistent cookie, the request having been issued by the client in association with a prospective switch from the first client context to a second client context;
  
  in response to the request, associating a unique temporary session identifier with the temporary and persistent cookie, the unique temporary session identifier being distinct from the pre-existing session information that was established upon authentication of the client to the server in the first context;
  
  binding the unique temporary session identifier with the pre-existing session information and the session;
  
  returning to the client, for storage in the cookie store, the temporary and persistent cookie that includes the unique temporary session identifier;
  
  upon a subsequent receipt of the temporary and persistent cookie following an actual switch from the first context to the second context, using the unique temporary session identifier therein to retrieve the pre-existing session information for use by the client in the second context;
  
  upon validating existence of the session represented by the session information, providing the client the session information so that both the first and second client contexts share the session information, the session information provided in a non-persistent cookie; and
  
  in addition to providing the session information in the non-persistent cookie, providing the client an empty temporary session cookie that, upon receipt at the client, clears the temporary and persistent cookie from the cookie store.
- View Dependent Claims (8, 9, 10, 11, 12, 20)
- - 8. The apparatus as described in claim 7 wherein validating existence of the session further includes:
    - determining when the session identified by the session information has expired,when the session identified by the session information has not expired, de-associating the unique temporary session identifier and the session information.
  - 9. The apparatus as described in claim 7 wherein the session information is sent to the client in a non-persistent cookie.
  - 10. The apparatus as described in claim 7 wherein the unique temporary session identifier is a random number.
  - 11. The apparatus as described in claim 7 wherein the temporary and persistent cookie is a one-time use cookie.
  - 12. The apparatus as described in claim 7 wherein the temporary and persistent cookie has a lifetime that is less than a lifetime of the session information.
  - 20. The apparatus as described in claim 7 wherein the unique temporary session identifier is maintained in a mapping table of unique temporary session identifiers, the mapping table being distinct from a data store that stores the session information, and wherein the computer program instructions also execute a clean-up of the mapping table of unique temporary session identifiers to remove expired or used entries.

13. A computer program product in a non-transitory computer readable storage medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform operations for sharing pre-existing session information, the session information representing a session having been established upon authentication of a client to a server in a first client context, the client having a cookie store storing information accessible across multiple client contexts, wherein a context is a client-server operating state with respect to a particular client application, the operations comprising:
- receiving a request for a temporary and persistent cookie, the request having been issued by the client in association with a prospective switch from the first client context to a second client context;
  
  in response to the request, associating a unique temporary session identifier with the temporary and persistent cookie, the unique temporary session identifier being distinct from the pre-existing session information that was established upon authentication of the client to the server in the first context;
  
  binding the unique temporary session identifier with the pre-existing session information and the session;
  
  returning to the client, for storage in the cookie store, the temporary and persistent cookie that includes the unique temporary session identifier;
  
  upon a subsequent receipt of the temporary and persistent cookie following an actual switch from the first context to the second context, using the unique temporary session identifier therein to retrieve the pre-existing session information for use by the client in the second context;
  
  upon validating existence of the session represented by the session information, providing the client the session information so that both the first and second client contexts share the session information, the session information provided in a non-persistent cookie; and
  
  in addition to providing the session information in the non-persistent cookie, providing the client an empty temporary session cookie that, upon receipt the client, clears the temporary and persistent cookie from the cookie store.
- View Dependent Claims (14, 15, 16, 17, 18, 21)
- - 14. The computer program product as described in claim 13 wherein validating existence of the session includes further includes:
    - determining when the session identified by the session information has expired,when the session identified by the session information has not expired, de-associating the unique temporary session identifier and the session information.
  - 15. The computer program product as described in claim 13 wherein the session information is sent to the client in a non-persistent cookie.
  - 16. The computer program product as described in claim 13 wherein the unique temporary session identifier is a random number.
  - 17. The computer program product as described in claim 13 wherein the temporary and persistent cookie is a one-time use cookie.
  - 18. The computer program product as described in claim 13 wherein the temporary and persistent cookie has a lifetime that is less than a lifetime of the session information.
  - 21. The computer program product as described in claim 13 wherein the unique temporary session identifier is maintained in a mapping table of unique temporary session identifiers, the mapping table being distinct from a data store that stores the session information, and wherein the operations further include executing a clean-up of the mapping table of unique temporary session identifiers to remove expired or used entries.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kasivajjula, Bhavan Kumar, Exton, Scott Anthony, Robinson, Keiran
Primary Examiner(s)
Dennison, Jerry

Application Number

US13/491,706
Publication Number

US 20130332618A1
Time in Patent Office

1,719 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 67/142 Managing session states for...

H04L 67/146 Markers for unambiguous ide...

Enabling different client contexts to share session information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling different client contexts to share session information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links