Cookie based session management
First Claim
Patent Images
1. A method for managing sessions in an enterprise environment, the method comprising:
- based on authenticating a client device to access a first application in a computing environment, generating, by a computer system of an access management system, a session cookie that enables the client device to access a feature of a first application in the computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment;
sending the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application;
receiving, at the computer system, a request for the client device to access a feature of a second application in the computing environment;
determining, with one or more processors associated with the computer system, whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment;
based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiating, with the one or more processors associated with the computer system, a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment;
updating, with the one or more processors associated with the computer system, the server-side session object to include an identifier associated with the session cookie that is stored on the client device;
generating with the one or more processors associated with the computer system, a response to the request based on enabling access to the feature of the second application using the server-side session object; and
sending the response to the client device.
1 Assignment
0 Petitions
Accused Products
Abstract
An enterprise software system access manager saves cookies for users'"'"' sessions on client devices but creates server-side sessions on the fly when needed for the users to access certain features, when there is a constraint on the client device, or due to application policies. The server-side session objects can have references to the client-side cookies and can have key-value pairs added to them instead of the associated cookie.
-
Citations
20 Claims
-
1. A method for managing sessions in an enterprise environment, the method comprising:
-
based on authenticating a client device to access a first application in a computing environment, generating, by a computer system of an access management system, a session cookie that enables the client device to access a feature of a first application in the computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment; sending the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application; receiving, at the computer system, a request for the client device to access a feature of a second application in the computing environment; determining, with one or more processors associated with the computer system, whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment; based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiating, with the one or more processors associated with the computer system, a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment; updating, with the one or more processors associated with the computer system, the server-side session object to include an identifier associated with the session cookie that is stored on the client device; generating with the one or more processors associated with the computer system, a response to the request based on enabling access to the feature of the second application using the server-side session object; and sending the response to the client device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18, 19, 20)
-
-
9. A non-transitory computer-readable medium storing a computer program product which, when executed by a processor of a computer system, causes the processor to:
-
based on authenticating a client device to access a first application in a computing environment, generate, by an access management system, a session cookie that enables the client device to access a feature of a first application in a computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment; send the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application; receive a request for the client device to access a feature of a second application in the computing environment; determine whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment; based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiate a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment; update the server-side session object to include an identifier associated with the session cookie that is stored on the client device; generate a response to the request based on enabling access to the feature of the second application using the server-side session object; and send the response to the client device. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A system comprising:
-
a hardware processor; and a memory storing a set of instructions, which when executed by the hardware processor, causes the hardware processor to; based on authenticating a client device to access a first application in a computing environment, generate, by an access management system, a session cookie that enables the client device to access a feature of a first application in a computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment; send the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application; receive a request for the client device to access a feature of a second application in the computing environment; determine whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment; based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiate a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment; update the server-side session object to include an identifier associated with the session cookie that is stored on the client device; generate a response to the request based on enabling access to the feature of the second application using the server-side session object; and send the response to the client device.
-
Specification