Cookie based session management

US 9,866,640 B2
Filed: 09/19/2014
Issued: 01/09/2018
Est. Priority Date: 09/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method for managing sessions in an enterprise environment, the method comprising:

based on authenticating a client device to access a first application in a computing environment, generating, by a computer system of an access management system, a session cookie that enables the client device to access a feature of a first application in the computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment;

sending the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application;

receiving, at the computer system, a request for the client device to access a feature of a second application in the computing environment;

determining, with one or more processors associated with the computer system, whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment;

based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiating, with the one or more processors associated with the computer system, a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment;

updating, with the one or more processors associated with the computer system, the server-side session object to include an identifier associated with the session cookie that is stored on the client device;

generating with the one or more processors associated with the computer system, a response to the request based on enabling access to the feature of the second application using the server-side session object; and

sending the response to the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An enterprise software system access manager saves cookies for users'"'"' sessions on client devices but creates server-side sessions on the fly when needed for the users to access certain features, when there is a constraint on the client device, or due to application policies. The server-side session objects can have references to the client-side cookies and can have key-value pairs added to them instead of the associated cookie.

Citations

20 Claims

1. A method for managing sessions in an enterprise environment, the method comprising:
- based on authenticating a client device to access a first application in a computing environment, generating, by a computer system of an access management system, a session cookie that enables the client device to access a feature of a first application in the computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment;
  
  sending the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application;
  
  receiving, at the computer system, a request for the client device to access a feature of a second application in the computing environment;
  
  determining, with one or more processors associated with the computer system, whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment;
  
  based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiating, with the one or more processors associated with the computer system, a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment;
  
  updating, with the one or more processors associated with the computer system, the server-side session object to include an identifier associated with the session cookie that is stored on the client device;
  
  generating with the one or more processors associated with the computer system, a response to the request based on enabling access to the feature of the second application using the server-side session object; and
  
  sending the response to the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18, 19, 20)
- - 2. The method of claim 1 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment comprises determining whether access to the feature of the second application is controlled based on an configurable policy.
  - 3. The method of claim 2 wherein the configurable policy includes a security policy.
  - 4. The method of claim 2 wherein the configurable policy includes a resource usage policy.
  - 5. The method of claim 1 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment comprises determining that access to the feature of the second application is based on a limit of concurrent users accessing the feature of the second application.
  - 6. The method of claim 1 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment comprises determining that access to the feature of the second application is based on a time limit on a session for accessing the feature of the second application.
  - 7. The method of claim 1 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment comprises determining that access to the feature of the second application is based on an amount of data to be stored for the feature of the second application and an amount of memory available on the client device.
  - 8. The method of claim 1 further comprising:
    - updating, with the one or more processors associated with the computer system, the server-side session object with state information associated with the feature of the second application.
  - 18. The method of claim 1 further comprising:
    - receiving, from the client device, authentication credential information to determine access to the feature of the first application, wherein the authentication credential information is stored in the session cookie on the client device; and
      
      determining, based on the authentication credential information, authentication to access the feature of the first application.
  - 19. The method of claim 18, wherein instantiating the server-side session object includes updating the server-side session object to include the authentication credential information stored in the session cookie.
  - 20. The method of claim 1, wherein the feature of the first application is different from the feature of the second application.

9. A non-transitory computer-readable medium storing a computer program product which, when executed by a processor of a computer system, causes the processor to:
- based on authenticating a client device to access a first application in a computing environment, generate, by an access management system, a session cookie that enables the client device to access a feature of a first application in a computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment;
  
  send the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application;
  
  receive a request for the client device to access a feature of a second application in the computing environment;
  
  determine whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment;
  
  based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiate a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment;
  
  update the server-side session object to include an identifier associated with the session cookie that is stored on the client device;
  
  generate a response to the request based on enabling access to the feature of the second application using the server-side session object; and
  
  send the response to the client device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable medium of claim 9 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment includes determining whether access to the feature of the second application is controlled based on a configurable policy.
  - 11. The non-transitory computer-readable medium of claim 10 wherein the configurable policy includes a security policy.
  - 12. The non-transitory computer-readable medium of claim 10 wherein the configurable policy includes a resource usage policy.
  - 13. The non-transitory computer-readable medium of claim 9 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment includes determining that access to the feature of the second application is based on a limit of concurrent users accessing the feature of the second application.
  - 14. The non-transitory computer-readable medium of claim 9 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment includes determining that access to the feature of the second application is based on a time limit on a session for accessing the feature of the second application.
  - 15. The non-transitory computer-readable medium of claim 9 wherein determining whether access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment includes determining that access to the feature of the second application is based on an amount of data to be stored for the feature of the second application and an amount of memory available on the client device.
  - 16. The non-transitory computer-readable medium of claim 9 wherein the computer program product, when executed by the processor, further causes the processor to:
    - update the server-side session object with state information associated with the feature of the second application.

17. A system comprising:
- a hardware processor; and
  
  a memory storing a set of instructions, which when executed by the hardware processor, causes the hardware processor to;
  
  based on authenticating a client device to access a first application in a computing environment, generate, by an access management system, a session cookie that enables the client device to access a feature of a first application in a computing environment, wherein access to the feature of the first application is enabled without establishing a server-based session for the client device in the computing environment;
  
  send the session cookie to the client device, wherein the client device stores the session cookie to enable the client device to access the feature of the first application;
  
  receive a request for the client device to access a feature of a second application in the computing environment;
  
  determine whether access to the feature of the second application is dependent on establishing a server-side session for the client device in the computing environment;
  
  based on determining that the client device is authenticated to access the second application according to the session cookie and based on determining that access to the feature of the second application is dependent on establishing the server-side session for the client device in the computing environment, instantiate a server-side session object to establish the server-side session for the client device in the computing environment, wherein the server-side session object enables the client device to access the feature of the second application in the computing environment;
  
  update the server-side session object to include an identifier associated with the session cookie that is stored on the client device;
  
  generate a response to the request based on enabling access to the feature of the second application using the server-side session object; and
  
  send the response to the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Motukuru, Vamsi, Chathoth, Vikas Pooven, Koottayi, Vipin Anaparakkal
Primary Examiner(s)
ELFERVIG, TAYLOR A

Application Number

US14/491,076
Publication Number

US 20150088978A1
Time in Patent Office

1,208 Days
Field of Search

709203, 709217, 709227, 726 3, 726 4
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

H04L 67/141   Setup of application sessio...

H04L 67/146   Markers for unambiguous ide...

H04L 67/148   Migration or transfer of se...

Cookie based session management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cookie based session management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links