User session management for web applications

US 8,955,094 B2
Filed: 01/17/2006
Issued: 02/10/2015
Est. Priority Date: 01/17/2006
Status: Active Grant

First Claim

Patent Images

1. A method for user session management for web applications, the method comprising method steps performed by executing, by a computer processor, computer programming instructions stored in a recordable medium, the method steps comprising:

identifying, by a web application, a user session directive, the user session directive being an instruction to a web proxy security component to perform a task specific to an existing user session, the user session directive comprising a directive to re-authenticate the user;

sending, from the web application to the proxy web security component, an instruction to implement the user session directive within the existing user session;

receiving, by the proxy web security component, the instruction to implement the user session directive; and

implementing, by the proxy web security component, the user session directive within the existing user session.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and products are provided for user session management for web applications. Embodiments include identifying, by a web application, a user session directive and sending, from the web application to a proxy web security component, an instruction to implement the user session directive. Typical embodiments also include receiving, by the proxy web security component, the instruction to implement the user session directive and implementing, by the proxy web security component, the user session directive.

Citations

24 Claims

1. A method for user session management for web applications, the method comprising method steps performed by executing, by a computer processor, computer programming instructions stored in a recordable medium, the method steps comprising:
- identifying, by a web application, a user session directive, the user session directive being an instruction to a web proxy security component to perform a task specific to an existing user session, the user session directive comprising a directive to re-authenticate the user;
  
  sending, from the web application to the proxy web security component, an instruction to implement the user session directive within the existing user session;
  
  receiving, by the proxy web security component, the instruction to implement the user session directive; and
  
  implementing, by the proxy web security component, the user session directive within the existing user session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein implementing the user session directive further comprises re-authenticating the user.
  - 3. The method of claim 1 wherein the user session directive comprises a directive to re-authenticate the user using a different authentication method than previously implemented in the same user session.
  - 4. The method of claim 3 wherein implementing the user session directive further comprises re-authenticating the user using a different authentication method than previously implemented in the same user session.
  - 5. The method of claim 1 wherein the user session directive comprises a directive to terminate the user session.
  - 6. The method of claim 5 wherein implementing the user session directive further comprises terminating the user session.
  - 7. The method of claim 1 wherein sending, from the web application to a proxy web security component, an instruction to implement the user session directive further comprises sending an HTTP response message containing a value instructing a proxy web security component to implement the user session directive.
  - 8. The method of claim 7 wherein sending an HTTP response message containing a value instructing a proxy web security component to implement the user session directive further comprises inserting the value instructing the proxy web security component to implement the user session directive in a Pragma header field.

9. A system for user session management for web applications, the system comprising:
- a first computer processor;
  
  a first computer memory operatively coupled to the first computer processor, the first computer memory having disposed within it a web application including computer program instructions capable of;
  
  identifying a user session directive, the user session directive being an instruction to a web proxy security component to perform a task specific to an existing user session, the user session directive comprising a directive to re-authenticate the user; and
  
  sending, to the proxy web security component, an instruction to implement the user session directive within the existing user session;
  
  a second computer processor; and
  
  a second computer memory operatively coupled to the second computer processor, the second computer memory having disposed within it the proxy web security component including computer program instructions capable of;
  
  receiving, by the proxy web security component, the instruction to implement the user session directive; and
  
  implementing, by the proxy web security component, the user session directive within the existing user session.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9 wherein computer program instructions capable of implementing the user session directive further comprise computer program instructions capable of re-authenticating the user.
  - 11. The system of claim 9 wherein computer program instructions capable of identifying a user session directive further comprise computer program instructions capable of identifying a directive to re-authenticate the user using a different authentication system than previously implemented in the same user session.
  - 12. The system of claim 11 wherein computer program instructions capable of implementing the user session directive further comprise computer program instructions capable of re-authenticating the user using a different authentication method than previously implemented in the same user session.
  - 13. The system of claim 9 wherein computer program instructions capable of identifying a required user session directive further comprise computer program instructions capable of identifying a directive to terminate the user session.
  - 14. The system of claim 13 wherein computer program instructions capable of implementing the user session directive further comprise computer program instructions capable of terminating the user session.
  - 15. The system of claim 9 wherein computer program instructions capable of sending an instruction to implement the user session directive further comprise computer program instructions capable of sending an HTTP response message containing a value instructing a proxy web security component to implement the user session directive.
  - 16. The system of claim 15 wherein computer program instructions capable of sending an HTTP response message containing a value instructing a proxy web security component to implement the user session directive further comprise computer program instructions capable of inserting the value instructing the proxy web security component to implement the user session directive in a Pragma header field.

17. A computer program product embodied on a tangible computer-readable storage medium for user session management for web applications, the computer program product comprising:
- computer program instructions for identifying a user session directive, the user session directive being an instruction to a web proxy security component to perform a task specific to an existing user session, the user session directive comprising a directive to re-authenticate the user;
  
  computer program instructions for sending, to the proxy web security component, an instruction to implement the user session directive within the existing user session;
  
  computer program instructions for receiving, by the proxy web security component, the instruction to implement the user session directive; and
  
  computer program instructions for implementing, by the proxy web security component, the user session directive within the existing user session.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17 wherein computer program instructions for implementing the user session directive further comprise computer program instructions for re-authenticating the user.
  - 19. The computer program product of claim 17 wherein computer program instructions for identifying a user session directive further comprise computer program instructions for identifying a directive to re-authenticate the user using a different authentication computer program product than previously implemented in the same user session.
  - 20. The computer program product of claim 19 wherein computer program instructions for implementing the user session directive further comprise computer program instructions for re-authenticating the user using a different authentication computer program product than previously implemented in the same user session.
  - 21. The computer program product of claim 17 wherein computer program instructions for identifying a required user session directive further comprise computer program instructions for identifying a directive to terminate the user session.
  - 22. The computer program product of claim 21 wherein computer program instructions for implementing the user session directive further comprise computer program instructions for terminating the user session.
  - 23. The computer program product of claim 17 wherein computer program instructions for sending, from the web application to a proxy web security component, an instruction to implement the user session directive further comprise computer program instructions for sending an HTTP response message containing a value instructing a proxy web security component to implement the user session directive.
  - 24. The computer program product of claim 23 wherein computer program instructions for sending an HTTP response message containing a value instructing a proxy web security component to implement the user session directive further comprise computer program instructions for inserting the value instructing the proxy web security component to implement the user session directive in a Pragma header field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
International Business Machines Corporation
Inventors
Readshaw, Neil I.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US11/333,418
Publication Number

US 20070169185A1
Time in Patent Office

3,311 Days
Field of Search

726 11- 12, 370 34-430, 705/79, 709238-244, 713153-154
US Class Current

726/12
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/168   above the transport layer

H04L 67/14   Session management for real...

User session management for web applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

User session management for web applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links